扫描报告
5 /100
mx_finance_data
金融数据查询工具,基于东方财富API提供股票、基金、债券等金融数据查询
This is a legitimate financial data query skill that makes authenticated API calls to East Money's service and writes results locally. No malicious behavior detected.
可以安装
This skill is safe to use. Continue following the documented setup process to configure EM_API_KEY.
安全发现 1 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 提示 | Documentation example appears as potential credential 文档欺骗 | SKILL.md:104 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 网络访问 | READ | READ | ✓ 一致 | scripts/get_data.py:360 - POST to https://ai-saas.eastmoney.com/proxy/b/mcp/tool… |
| 文件系统 | WRITE | WRITE | ✓ 一致 | scripts/get_data.py:330 - Creates output directory and writes xlsx/txt files |
| 环境变量 | READ | READ | ✓ 一致 | scripts/get_data.py:65 - Only reads EM_API_KEY for API authentication |
| 命令执行 | NONE | NONE | — | No subprocess or shell execution found |
1 高危 3 项发现
高危 API 密钥 疑似硬编码凭证
API_KEY="your_api_key_here" SKILL.md:104 中危 外部 URL 外部 URL
https://ai.eastmoney.com/mxClaw SKILL.md:27 中危 外部 URL 外部 URL
https://ai-saas.eastmoney.com/proxy/b/mcp/tool/searchData scripts/get_data.py:73 目录结构
2 文件 · 29.6 KB · 773 行 Python 1f · 624L
Markdown 1f · 149L
├─
▾
scripts
│ └─
get_data.py
Python
└─
SKILL.md
Markdown
依赖分析 3 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
httpx | unspecified | pip | 否 | Standard HTTP client library for API calls |
pandas | unspecified | pip | 否 | Standard data analysis library |
openpyxl | unspecified | pip | 否 | Standard Excel file writer |
安全亮点
✓ No credential hardcoding - EM_API_KEY is read from environment only
✓ No shell execution or subprocess calls
✓ No data exfiltration - only queries East Money API and writes results locally
✓ No obfuscation techniques (no base64, eval, or anti-analysis patterns)
✓ Clean code structure with proper error handling
✓ Documentation accurately describes all functionality
✓ Dependencies are standard and well-known (httpx, pandas, openpyxl)
✓ No suspicious network behavior - only connects to legitimate East Money domain