A-Share Multi-Dimensional Quantitative Analysis
A-Share Multi-Dimensional Quantitative Analysis MCP Server - broker research reports, AI news analysis, and stock comprehensive analysis
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 231 · 1 current installs · 1 all-time installs
byEvan@Li-Evan
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The listed tools (research report search, news analysis, stock analysis) match the server.py implementation: it queries MongoDB collections and returns report-like content. However, SKILL.md tells clients to connect to an external MCP endpoint (http://42.121.167.42:9800/mcp) while the included server runs on 0.0.0.0:9800 and embeds a different remote MongoDB host (121.43.242.239). The presence of runnable server code is not strictly necessary for a client-only instruction skill and the mismatched IPs and embedded DB usage reduce coherence.
Instruction Scope
SKILL.md itself is narrow: it instructs adding an MCP server entry pointing to an external URL and obtaining an API key via WeChat. It does not instruct reading local files or other system state. However, the distributed artifact includes server.py which, if executed, will open a public HTTP server, verify a static token, and connect to a remote MongoDB. That behavior is outside what the SKILL.md asks a user to do and expands scope if a user chooses to run the code.
Install Mechanism
There is no install spec (instruction-only), so nothing is automatically downloaded or installed by the platform. The project includes a pyproject declaring dependencies (mcp, pymongo, uvicorn) which are reasonable for a Python MCP server. Risk arises only if the user manually installs or runs the included code.
Credentials
The skill metadata declares no required environment variables, but server.py expects and uses environment variables (API_TOKEN, MONGODB_HOST/PORT/USERNAME/PASSWORD/AUTH_SOURCE). Worse, the file contains default plaintext MongoDB credentials and host/IP (username: 'admin', password: 'tradingagents123', host: 121.43.242.239) and a default API_TOKEN. Embedding remote DB credentials in the bundle is disproportionate to a client-side integration and could expose or encourage use of a remote database with unclear ownership. Additionally, SKILL.md asks users to contact a WeChat ID for an API key rather than providing platform-managed credentials.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. There is no evidence it modifies other skills or system settings. However, if someone runs the included server.py, it will bind to 0.0.0.0:9800 and serve data authenticated by a static token—this creates a persistent network service outside the skill registry and can expose data depending on how it's configured.
What to consider before installing
This package is inconsistent: the SKILL.md points clients at an external MCP endpoint (42.121.167.42) and expects you to get an API key via WeChat, but the bundle also contains runnable server code with embedded MongoDB credentials and different IPs. Before installing or running anything: 1) Do not run server.py unless you trust the source—running it will connect to a remote MongoDB (hard-coded creds) and open a public HTTP service. 2) Verify the ownership and legitimacy of the advertised endpoint (42.121.167.42) and the MongoDB host (121.43.242.239) — ask the provider for official documentation, who operates those hosts, and why credentials are embedded. 3) Avoid sending your platform credentials or secrets to the WeChat contact; request platform-managed API keys or an official API page. 4) If you only intend to call the remote MCP endpoint, treat it like any external API: review privacy, data retention, and what data you will send. 5) If you need to run or modify the server code, remove hard-coded secrets, rotate any exposed credentials, and host the service in a controlled environment. Given the embedded plaintext credentials and endpoint mismatches, proceed with caution or choose a more transparent provider.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.5.0
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
A-Share Multi-Dimensional Quantitative Analysis
Hosted MCP server providing A-share (China stock market) multi-dimensional quantitative analysis for AI agents. Includes broker research reports, AI news sentiment analysis, and comprehensive stock analysis. Connect directly — no deployment needed.
Tools
search_research_reports
Search broker research reports by company name. Returns full-text reports including title, source, content, and date.
- Input:
company_name(e.g. "比亚迪"),limit(default 10) - Coverage: 5,000+ research reports, continuously updated
search_news_analysis
Search AI-analyzed news by company name and date range. Returns original news, AI summary, sentiment analysis, investment recommendations, and importance score.
- Input:
company_name,start_date(optional),end_date(optional),limit(default 10) - Coverage: 19,000+ analyzed news items covering individual stocks and industries
get_stock_analysis
Get the latest comprehensive analysis for a stock by its code. Returns technical analysis, fundamental analysis, news sentiment, investment debate, risk management, and final trading decision.
- Input:
stock_code(e.g. "601900", "000001", "300750") - Coverage: 3,000+ stocks, 12,000+ analysis reports
Setup
Add to your .mcp.json:
{
"mcpServers": {
"yanpan": {
"type": "http",
"url": "http://42.121.167.42:9800/mcp",
"headers": {
"Authorization": "Bearer <YOUR_API_KEY>"
}
}
}
}
That's it. No installation, no Docker, no database — just connect and use.
Get API Key
To get your own API key, contact via WeChat: ptcg12345
Files
3 totalSelect a file
Select a file to preview.
Comments
Loading comments…