AIGroup Market MCP
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or using the skill may run code from the npm package, so trust in that package matters.
The skill relies on running an external npm package that is not included in the reviewed artifacts. This is central to the MCP skill's stated purpose, but users should verify the package provenance.
Launch pattern: `npx -y aigroup-market-mcp`
Verify the npm package and GitHub project before use, and pin or review the package version where possible.
The MCP server can use the configured Tushare token and may consume API quota or access data available to that token.
The skill requires a Tushare API credential. This is expected for Tushare-oriented market data, but the registry metadata does not declare required environment variables.
Required environment variable: `TUSHARE_TOKEN`
Use a token intended for this purpose, avoid sharing it in prompts or logs, and revoke or rotate it if you stop using the skill.