中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 20/100
Last scan:20 hr ago Rescan
20 /100
fin-advisor
基金投顾助手 — 专业的基金分析、对比、推荐和交易决策支持
Legitimate fund investment advisor tool with minor documentation gaps; the slot-filling script makes undeclared network requests but no malicious behavior is observed.
Skill Namefin-advisor
Duration59.7s
Enginepi
Safe to install
Document the slot-filling HTTP POST behavior in SKILL.md and restrict Bash permissions to explicitly list slot-filling.sh usage if retained.

Findings 2 items

Severity Finding Location
Low
Undeclared network request in slot-filling script Doc Mismatch
scripts/slot-filling.sh makes HTTP POST requests to SLOT_SERVICE_URL with user query data and Bearer token authorization, but this network behavior is not documented in SKILL.md or allowed-tools declaration.
curl -s -X POST "${SLOT_SERVICE_URL}" -H "Content-Type: application/json; charset=utf-8" -H "authorization: Bearer ${SLOT_SERVICE_TOKEN:-}" -d "$PAYLOAD"
→ Document the slot-filling network call in SKILL.md capabilities section, or remove the external HTTP dependency and implement slot-filling locally.
 scripts/slot-filling.sh:77
Low
Bash permission pattern too broad for mcporter Priv Escalation
allowed-tools declares 'Bash(mcporter:*)' which uses wildcard pattern. While mcporter is a legitimate MCP tool wrapper, the wildcard allows any mcporter subcommand invocation.
allowed-tools: Bash(mcporter:*) Read(*.md)
→ Consider specifying exact mcporter commands if the tool set is known and limited.
 SKILL.md:2
ResourceDeclaredInferredStatusEvidence
Filesystem READ READ ✓ Aligned SKILL.md allows Read(*.md); script only reads markdown files
Network NONE WRITE ✗ Violation scripts/slot-filling.sh:77-82 makes HTTP POST to SLOT_SERVICE_URL
Shell WRITE WRITE ✓ Aligned Bash(mcporter:*) allows mcporter calls and slot-filling.sh execution

File Tree

9 files · 28.4 KB · 678 lines
Markdown 8f · 552L Shell 1f · 126L
├─ 📁 references
│ ├─ 📁 personas
│ │ ├─ 📝 data-driven.md Markdown 24L · 712 B
│ │ ├─ 📝 friendly.md Markdown 24L · 1020 B
│ │ └─ 📝 professional.md Markdown 24L · 842 B
│ ├─ 📝 compliance.md Markdown 44L · 2.1 KB
│ ├─ 📝 domain-knowledge.md Markdown 102L · 4.9 KB
│ ├─ 📝 output-guide.md Markdown 100L · 2.9 KB
│ └─ 📝 tool-guide.md Markdown 88L · 5.7 KB
├─ 📁 scripts
│ └─ 🔧 slot-filling.sh Shell 126L · 3.7 KB
└─ 📝 SKILL.md Markdown 146L · 6.5 KB

Security Positives

✓ No malicious code patterns found (no base64, eval, obfuscation, reverse shell)
✓ No sensitive path access (no ~/.ssh, ~/.aws, .env reading)
✓ No credential harvesting or exfiltration
✓ No curl|bash remote script execution
✓ Script includes proper error handling and input validation
✓ Mock mode available for safe testing without external calls
✓ No external dependencies with unpinned versions
✓ Fund advisor functionality appears legitimate with proper compliance rules