// SCAN REPORT

Kraken Pro MCP

17 tools. 4 can modify or destroy data without limits.

4 destructive tools with no built-in limits. Policy required.

Last updated: 12 Jun 2026

4 can modify or destroy data

13 read-only

17 tools total

Community server · catalogue entry verified 12/06/2026

How to control Kraken Pro MCP ↓

TOOL MAP

What Kraken Pro MCP exposes to your agents

Read (13) Write / Execute (0) Destructive / Financial (4)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS

Critical Risk

The most dangerous Kraken Pro MCP tools

Financial · Critical cancel_all_orders_after This tool affects all open financial orders on a live trading platform (Kraken Pro). Financial · Critical add_order This tool places a real financial order on the Kraken exchange, directly committing financial obligations by buying or selling assets. Financial · Critical amend_order Amending an order on a financial trading platform directly modifies a live trading order, which constitutes a financial operation. Destructive · High cancel_order Cancelling an order is an irreversible action — once cancelled, the order no longer exists in the order book and cannot be reinstated.

4 of Kraken Pro MCP's 17 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control Kraken Pro MCP

PolicyLayer is an MCP gateway — it sits between your AI agents and Kraken Pro MCP, and nothing reaches the server without passing your rules. These are the rules we recommend:

Block financial tools by default

{
  "cancel_all_orders_after": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Requires human approval."
      }
    ]
  }
}

Financial tools should be explicitly enabled per use case, not open by default.

Deny destructive operations

{
  "cancel_order": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Cap read operations

{
  "account_balance": {
    "limits": [
      {
        "counter": "account_balance_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

Create a free account and register Kraken Pro MCP — nothing to install.
Add these rules — paste them, or build them visually. Tune the limits to your setup.
Point your MCP client (Claude, Cursor, anything) at your gateway URL.

ENFORCE POLICY ON KRAKEN PRO →

Free to start. No card required.

FULL CATALOGUE

All 17 Kraken Pro MCP tools

FINANCIAL 3 tools

Financial cancel_all_orders_after Dead man's switch: set countdown to cancel ALL your orders after timeout_seconds. Financial amend_order Atomic amend in-place (keeps identifiers & queue priority where possible). Financial add_order Place a new Kraken Spot order (REST AddOrder).

DESTRUCTIVE 1 tools

Destructive cancel_order Cancel a particular open order (or set of orders).

READ 13 tools

Read account_balance Get Account Balance: all cash balances, net of pending withdrawals. Read asset_info Asset metadata. Example assets: 'XBT,ETH,USDT' Read closed_orders closed_orders Read ohlc OHLC candles. Read order_book L2 order book (aggregated per price level). Read recent_spreads Recent top-of-book spreads (bid/ask). Read recent_trades Recent trades. Use the returned 'last' field as your next since. Read server_time Kraken server time (UTC). Read system_status Current system status / trading mode. Read ticker Level-1 ticker stats. Leave pairs None to get ALL. Read tradable_asset_pairs Tradable pairs & metadata. Example pairs: 'XBTUSD,ETHUSD'. Read trades_history trades_history Read open_orders Fetch open orders. Optionally filter by userref and include trades detail.

EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

FAQ

Questions about Kraken Pro MCP

Can an AI agent move money through the Kraken Pro MCP server? +

Yes. The Kraken Pro MCP server exposes 3 financial tools including cancel_all_orders_after, amend_order, add_order. Without a policy, an autonomous agent can call these with no spend caps, no rate limits, and no approval flow. PolicyLayer lets you block financial tools by default, require human approval, or set per-tool rate limits — enforced on every call.

Can an AI agent delete data through the Kraken Pro MCP server? +

Yes. The Kraken Pro MCP server exposes 1 destructive tools including cancel_order. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How many tools does the Kraken Pro MCP server expose? +

17 tools across 3 categories: Destructive, Read, Write. 13 are read-only. 4 can modify, create, or delete data.

How do I enforce a policy on Kraken Pro MCP? +

Register the Kraken Pro MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Kraken Pro MCP tool call.

Deterministic rules across all 17 Kraken Pro MCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON KRAKEN PRO →

Free to start. No card required.

17 Kraken Pro MCP tools catalogued and risk-classified — across an index of 43,000+ MCP servers.