Skills
skills/jsoncodechina/wind-skills/mx-finance-data/Gen Agent Trust Hub

mx-finance-data

Fail

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The script scripts/get_data.py contains a hardcoded API key (em_eaRnxyWlMUiriR0Tj2m79QtUtxjTU0hQ) assigned as a default value for the EM_API_KEY environment variable. Hardcoding credentials in source code is a high-risk practice that can lead to unauthorized access if the code is exposed.
  • [EXTERNAL_DOWNLOADS]: The skill performs outbound network requests to https://ai-saas.eastmoney.com/proxy/b/mcp/tool/searchData using the httpx library to retrieve financial data. This involves transmitting user-supplied natural language queries to an external third-party endpoint.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 9, 2026, 01:11 AM