扫描报告
10 /100
groundapi_a_share_analyst
Analyze individual A-share stocks with real-time quotes, fundamentals, technicals, and recent news — powered by GroundAPI MCP tools.
This is a legitimate A-share stock analysis skill using declared MCP tools with no hidden functionality or malicious behavior detected.
可以安装
Safe to use. The skill only accesses the declared GroundAPI MCP server and performs stock analysis using standard financial data APIs.
安全发现 2 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | External API dependency | SKILL.md:28 |
| 低危 | API key in plain text | SKILL.md:26 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No file operations described or required |
| 网络访问 | READ | READ | ✓ 一致 | Uses declared MCP tools: finance_stock, info_search, finance_market |
| 命令执行 | NONE | NONE | — | No shell execution in the skill |
| 环境变量 | READ | READ | ✓ 一致 | Only reads GROUNDAPI_KEY for MCP authentication |
| 技能调用 | READ | READ | ✓ 一致 | Uses standard MCP tool invocations |
| 剪贴板 | NONE | NONE | — | No clipboard access |
| 浏览器 | NONE | NONE | — | No browser access |
| 数据库 | NONE | NONE | — | No database access |
2 项发现
中危 外部 URL 外部 URL
https://groundapi.net SKILL.md:9 中危 外部 URL 外部 URL
https://mcp.groundapi.net/sse SKILL.md:28 目录结构
1 文件 · 3.9 KB · 131 行 Markdown 1f · 131L
└─
SKILL.md
Markdown
安全亮点
✓ No executable code - purely documentation specification
✓ All capabilities declared in SKILL.md match intended behavior
✓ No shell execution, filesystem manipulation, or credential harvesting
✓ Uses only standard MCP financial data tools
✓ No base64, eval, or suspicious encoding patterns
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env, etc.)
✓ No hidden instructions or masquerading
✓ Clear disclaimer that analysis is for reference only