Robinhood Mcp

Other

Connect to Robinhood's Agentic Trading MCP server and act on the user's behalf — list account/positions tools, analyze a portfolio, and place trades via the official MCP. Handles OAuth once and persists tokens outside the session so future sessions re-authenticate silently. Use when the user wants their agent to read or trade their Robinhood account.

Install

openclaw skills install @zmtucker/robinhood-mcp

Robinhood Agentic Trading (MCP)

This skill connects to Robinhood's official Agentic Trading MCP server (https://agent.robinhood.com/mcp/trading, a remote Streamable-HTTP MCP endpoint) and lets the agent use its tools on the user's behalf — reading positions, analyzing the portfolio, and (when the user explicitly asks) placing trades.

Authentication is OAuth 2.0, handled end-to-end by the MCP SDK (discovery → dynamic client registration → authorization code + PKCE → refresh tokens). The user's password is never seen by the agent.

The whole point of this skill: the user authorizes once, and the tokens are written to a persistent directory so every future session refreshes silently without user intervention.

Robinhood's tools change as the beta evolves. Never assume tool names — always discover them with tools and read each tool's inputSchema before calling it.

Requirements

A primary Robinhood individual investing account in good standing, with an Agentic account opened (done once, on a desktop, in the Robinhood app — see the homepage link). Approving the agent requires a verification step in the Robinhood mobile app.
ROBINHOOD_MCP_HOME pointing at persistent storage. If this directory is wiped between sessions, the user will have to log in again.

Persistence model (read this)

File	Contents
`$ROBINHOOD_MCP_HOME/client.json`	The dynamically-registered OAuth client.
`$ROBINHOOD_MCP_HOME/credentials.json`	Access token, refresh token, expiry (0600).

On every non-login command the skill loads these, and if the access token is expired it uses the refresh token to mint a new one silently. The user is only re-prompted if the refresh token itself is revoked or expired.

Treat credentials.json as a secret — it grants trading access. The scripts write it 0600 and never echo token values.

First-time login

Run once per user. This is the only step that needs a human.

Local / desktop session (a browser is reachable):
```
python3 scripts/robinhood_mcp.py login
```
The skill prints an authorization URL (and tries to open it), runs a local loopback server on localhost:8765, and captures the redirect automatically.
Remote / headless session (no local browser, e.g. cloud agent):
```
python3 scripts/robinhood_mcp.py login --manual
```
The skill prints the authorization URL. Relay it to the user; they open it on their own desktop, approve (including the mobile-app verification), then copy the resulting http://localhost:8765/callback?... URL from their browser's address bar (it won't load — that's expected) and you feed it back on stdin:
```
echo 'http://localhost:8765/callback?code=...&state=...' \
  | python3 scripts/robinhood_mcp.py login --manual
```

On success it prints {"status": "authenticated", ...} and the credentials path. After this, the other commands work unattended.

When to use

"Connect my agent to Robinhood" / "Log my agent into Robinhood"
"What's in my Robinhood portfolio?" / "Analyze my concentration risk"
"Buy/sell N shares of TICKER on Robinhood" (after explicit confirmation)

When NOT to use

Market data, charting, or research that doesn't need the user's account — use a market-data source instead.
Opening the Agentic account itself — that's a one-time manual step in the Robinhood app, not something this skill automates.
Any broker other than Robinhood.

Scripts

Command	Purpose
`robinhood_mcp.py login [--manual]`	One-time interactive OAuth; persists tokens.
`robinhood_mcp.py status`	Silent check that stored creds still work.
`robinhood_mcp.py logout`	Delete stored credentials + client registration.
`robinhood_mcp.py tools`	List the server's tools + JSON input schemas.
`robinhood_mcp.py call <tool> [json]`	Call a tool with JSON arguments.

Discover tools

python3 scripts/robinhood_mcp.py tools

Returns {"tools": [{"name", "description", "inputSchema"}, ...]}. Always read the inputSchema for the tool you intend to call.

Call a tool

Arguments are a JSON object, passed as the second argument or on stdin:

python3 scripts/robinhood_mcp.py call get_positions '{}'
# or
echo '{"symbol": "NVDA", "quantity": 1, "side": "buy"}' \
  | python3 scripts/robinhood_mcp.py call place_order

Output is the MCP CallToolResult as JSON: content blocks, optional structuredContent, and isError. A tool-level error sets isError: true and exits non-zero — surface the message to the user; do not blindly retry.

Verify / re-auth

python3 scripts/robinhood_mcp.py status

Exit codes: 0 authenticated; 2 re-auth required (reauth_required or not_authenticated → run login again); 1 other connection/tool error. Errors are emitted as {"error": ..., "message": ...} JSON.

Safety

Trades move real money. Before any order-placing tool call, confirm the symbol, side, quantity, order type, and an estimated cost with the user, and get explicit go-ahead. Never place or modify orders speculatively.
Prefer read-only tools (positions, balances, analysis) unless the user has clearly asked to trade.
Never print or log credentials.json contents or token values.
If status reports reauth_required, stop and ask the user to run login — do not attempt to work around the auth.

References

See references/oauth_and_persistence.md for how the OAuth flow and cross-session token persistence work, and how to troubleshoot auth problems.