ClawHub

Tdnet Disclosure Mcp

v0.1.2

Access TDNET timely disclosures (適時開示) from Tokyo Stock Exchange (JPX/TSE) — earnings reports (決算短信), dividends, buybacks, forecast revisions, governance cha...

0· 542·0 current·0 all-time
by@ajtgjmdjp
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and CLI usage all align: the skill is a thin wrapper around a tdnet-disclosure-mcp CLI that queries a public Yanoshin Web API mirror of TDNET data. Required binary matches the stated capability and no unrelated credentials or paths are requested.
Instruction Scope
SKILL.md contains only CLI usage and install instructions for the tdnet-disclosure-mcp tool; it doesn't instruct the agent to read unrelated files, environment variables, or exfiltrate data to unexpected endpoints. It references the Yanoshin Web API (an external data source), which is appropriate for this purpose.
!
Install Mechanism
The install spec is a uv-packaged tool (uv kind) and SKILL.md also suggests pip install. No homepage or source repository is provided and the package owner is unknown — installing an external package will download and run third-party code on the host. This is a moderate risk because the installer could contain unexpected behavior; the manifest gives no provenance (e.g., GitHub repo, PyPI link, or release host) to verify the package before install.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The lack of secrets or unrelated env access is proportionate to a read-only disclosure-retrieval tool.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges or to modify other skills' configurations. Installing the CLI will add a binary (expected for a tool), but there's no request for elevated privileges in the metadata.
What to consider before installing
This skill appears to do what it says, but it requires installing a third-party package (tdnet-disclosure-mcp) with no homepage or source listed. Before installing: (1) verify the package on a trusted registry (PyPI/GitHub) and inspect the source or release notes, (2) prefer packages with an authoritative homepage/repo and a maintainer history, (3) run the install and CLI in a sandbox or container if you must test it, and (4) review network behavior (which endpoints it contacts) and file system writes after install. If the publisher cannot provide a repository or verifiable provenance, treat the package as higher risk and avoid installing on sensitive systems.

Like a lobster shell, security has layers — review code before you run it.

latestvk973qx9xx7h155tcfnk719tq61817yaw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📋 Clawdis
Binstdnet-disclosure-mcp

Install

Install tdnet-disclosure-mcp (uv)
Bins: tdnet-disclosure-mcp
uv tool install tdnet-disclosure-mcp

Comments