iFinD-Finance-Data
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates data querying by executing local scripts (
call.pyandcall-node.js) to connect with the iFind MCP API. - [SAFE]: The provided scripts disable SSL certificate verification when connecting to the vendor's API endpoint (
api-mcp.51ifind.com). This represents a best practice violation but is not inherently malicious given it targets the vendor's own service. - [SAFE]: The skill processes news and public notices, which is a standard ingestion point for external data. 1. Ingestion points:
search_newsandsearch_noticetools incall.pyandcall-node.js. 2. Boundary markers: Absent. 3. Capability inventory: Local script execution and network access. 4. Sanitization: Absent. - [SAFE]: Authentication tokens are stored in
mcp_config.json, which is an appropriate method for local secret management.
Audit Metadata