High-risk tools in TradingView MCP
26 of the 102 tools in TradingView MCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
batch_runExecuteRun an action across multiple symbols and/or timeframes
-
chart_panExecutePan the chart by N bars. Positive bars = right (newer), negative = left (older). Use for
-
chart_zoomExecuteZoom in/out by a factor. factor > 1 = zoom in (fewer bars visible), factor < 1 = zoom out (more bars). Use
-
pane_focusExecuteFocus a specific chart pane by index (0-based)
-
pine_checkExecuteCompile Pine Script via TradingView\
-
pine_compileExecuteCompile / add the current Pine Script to the chart
-
pine_smart_compileExecuteIntelligent compile: detects button, compiles, checks errors, reports study changes
-
replay_autoplayExecuteToggle autoplay in replay mode, optionally set speed. WARNING: speed must be one of 100, 143, 200, 300, 1000, 2000, 3000, 5000, 10000 ms. Invalid values permanently corrupt your...
-
replay_startExecuteStart bar replay mode, optionally at a specific date
-
replay_stepExecuteAdvance one bar in replay mode
-
replay_stopExecuteStop replay and return to realtime
-
replay_tradeExecuteExecute a trade action in replay mode (buy, sell, or close position)
-
stream_startExecuteStart a live streaming buffer for quote/bars/values. Returns a stream_id. Claude then calls stream_read to drain accumulated changes. Use this for
-
stream_stopExecuteStop a stream and release its buffer. Always call this when done to free resources.
-
tab_newExecuteOpen a new chart tab
-
tab_switchExecuteSwitch to a chart tab by index
-
tv_launchExecuteLaunch TradingView Desktop with Chrome DevTools Protocol (remote debugging) enabled. Auto-detects install location on Mac, Windows, and Linux.
-
ui_clickExecuteClick a UI element by aria-label, data-name, text content, or class substring
-
ui_evaluateExecuteExecute JavaScript code in the TradingView page context for advanced automation
-
ui_fullscreenExecuteToggle TradingView fullscreen mode
-
ui_hoverExecuteHover over a UI element by aria-label, data-name, or text content
-
ui_keyboardExecutePress keyboard keys or shortcuts (e.g., Enter, Escape, Alt+S, Ctrl+Z)
-
ui_mouse_clickExecuteClick at specific x,y coordinates on the TradingView window
-
ui_open_panelExecuteOpen, close, or toggle TradingView panels (pine-editor, strategy-tester, watchlist, alerts, trading)
-
ui_scrollExecuteScroll the chart or page up/down/left/right
-
ui_type_textExecuteType text into the currently focused input/textarea element
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.