Back to skill
Skillv1.0.6
VirusTotal security
finstep-mcp · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 5:55 AM
- Hash
- 7e853dea4c92e62a191a10af0c64603596c13c2e227df2191b7240dfe8d595b0
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: finstep-mcp Version: 1.0.6 The skill bundle provides a legitimate interface for the FinStep financial data service, covering stock quotes, company information, and macro-economic data. The Bash scripts (e.g., quote.sh, company.sh, search.sh) use curl and jq to interact with the official API endpoint (fintool-mcp.finstep.cn) and handle user-provided parameters safely using jq's argument binding to prevent injection. No evidence of data exfiltration, malicious execution, or prompt injection was found.
- External report
- View on VirusTotal