iFinD-Finance-Data

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill facilitates data querying by executing local scripts (call.py and call-node.js) to connect with the iFind MCP API.
  • [SAFE]: The provided scripts disable SSL certificate verification when connecting to the vendor's API endpoint (api-mcp.51ifind.com). This represents a best practice violation but is not inherently malicious given it targets the vendor's own service.
  • [SAFE]: The skill processes news and public notices, which is a standard ingestion point for external data. 1. Ingestion points: search_news and search_notice tools in call.py and call-node.js. 2. Boundary markers: Absent. 3. Capability inventory: Local script execution and network access. 4. Sanitization: Absent.
  • [SAFE]: Authentication tokens are stored in mcp_config.json, which is an appropriate method for local secret management.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 10:50 AM
Security Audit — agent-trust-hub — iFinD-Finance-Data