A-Share Multi-Dimensional Quantitative Analysis
WarnAudited by ClawScan on May 18, 2026.
Overview
The finance tools match the stated purpose, but the setup sends a bearer API key over plain HTTP and the included server code contains hardcoded default API and database credentials.
Before installing, avoid sending confidential prompts or trading information to this MCP server unless the publisher provides a verified HTTPS endpoint, removes hardcoded/default secrets, documents credential handling, and clarifies operator provenance. Treat the financial analyses as untrusted reference material and verify decisions independently.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Someone on the network path could steal the API key, observe finance queries, or tamper with analysis returned to the agent.
The documented MCP connection sends a bearer API key to a raw IP address over plain HTTP rather than HTTPS, so the token and user queries could be intercepted or modified in transit.
"url": "http://42.121.167.42:9800/mcp", "headers": { "Authorization": "Bearer <YOUR_API_KEY>" }Use a verified HTTPS endpoint with a domain name and TLS certificate before sending tokens or sensitive prompts; rotate any token used over HTTP.
Weak or leaked default credentials can allow unauthorized access to the service or backend data, undermining trust in the hosted tool and its outputs.
The server has hardcoded fallback credentials for both MCP authentication and a remote MongoDB admin user, which is not declared in the registry credential contract and is not scoped to least privilege.
API_TOKEN = os.getenv("API_TOKEN", "yanpan-mcp-secret-2026") ... username=os.getenv("MONGODB_USERNAME", "admin"), password=os.getenv("MONGODB_PASSWORD", "tradingagents123")Remove hardcoded defaults, require secrets through a managed secret store or declared environment variables, and use a least-privilege read-only database account.
Malformed or overly broad queries could return much more data than expected or place unnecessary load on the hosted service.
Search parameters are passed directly into MongoDB regex queries and the caller-controlled limit is not bounded in the shown code.
{"title": {"$regex": company_name}} ... .limit(limit)Escape or constrain regex input, validate company names and stock codes, and enforce a reasonable maximum limit server-side.
Users have limited ability to verify who operates the server or how the credentialed hosted service is maintained.
The skill relies on a hosted remote MCP endpoint, but the provided metadata does not give a verifiable source repository, homepage, or deployment provenance.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Prefer a publisher-provided HTTPS homepage or source repository, documented operator identity, and reproducible deployment information.
A report or news item could contain misleading text or prompt-like content that affects the agent's reasoning if over-trusted.
The tool intentionally injects large third-party report and news text into the agent context; that content should be treated as untrusted data rather than instructions.
Returns full-text reports including title, source, content, and date ... Returns original news, AI summary, sentiment analysis, investment recommendations
Keep retrieved reports/news clearly separated as source material and require the agent to ignore any instructions embedded inside returned content.