Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ifind Mcp

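Tonghuashun (同花顺) iFinD financial data MCP tool. Queries A-share stock, public mutual fund, macroeconomic, and news data. Use it when the user needs to look up stocks, funds, macroeconomic indicators, or news.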

MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The skill claims to be an iFinD MCP query wrapper (stocks, funds, macro, news) which matches the API endpoints listed (api-mcp.51ifind.com). However the skill metadata declares no required binaries or config paths, while SKILL.md and scripts/query.sh require a local mcporter CLI (~/.npm-global/bin/mcporter) and a config file (~/.config/mcporter.json). That mismatch (undeclared required binary and config) is an incoherence.
Instruction Scope
Instructions are focused on calling the MCP servers via mcporter and reference only the mcporter config file. This is within the stated purpose, but the skill directs the agent to read ~/.config/mcporter.json (expected to hold auth info). The instructions also suppress stderr (2>/dev/null), which can hide errors — not malicious by itself but reduces visibility.
Install Mechanism
There is no install spec (instruction-only) and included code is a small shell script. No remote downloads or archive extraction are present. This is lower risk, but the script depends on a separately installed mcporter binary in a non-standard user path (~/.npm-global/bin), which is not declared.
! Credentials
The skill metadata lists no required environment variables or config paths, yet the runtime steps require reading ~/.config/mcporter.json and the API reference shows usage of Authorization: Bearer <jwt_token>. The skill therefore implicitly requires sensitive credentials in the config file but does not declare or explain them — a proportionality and transparency issue.
Persistence & Privilege
The skill is not always-enabled and does not request persistent or elevated platform privileges. It does not modify other skills or system-wide settings in the provided files.
What to consider before installing
This skill appears to be a thin wrapper around the iFinD MCP API and will call that service using a local mcporter CLI and a config file at ~/.config/mcporter.json that likely contains a Bearer JWT. Before installing or running the skill:
1) Verify you have mcporter installed from a trusted source and that the referenced path (~/.npm-global/bin/mcporter) is correct;
2) Inspect ~/.config/mcporter.json to see what secrets it contains and ensure the token has only the permissions you expect;
3) Ask the publisher (or check documentation) to update the skill metadata to declare required binaries and config paths so you know what will be accessed;
4) If you are uncertain, run the script in an isolated environment (container) or with a throwaway credential.
These steps will reduce the risk that sensitive tokens are used or sent unexpectedly.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.1.0
latestvk97b7h5sc6fwav32h12038md79838sag


SKILL.md

iFind MCP Skill

Tonghuashun (同花顺) iFinD MCP service, providing professional financial data queries.

Configuration

Config file location

~/.config/mcporter.json

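MCP servers

| Server | Purpose |
| --- | --- |
| hexin-ifind-stock | A-share stock data |
| hexin-ifind-fund | Public mutual fund data |
| hexin-ifind-edb | Macroeconomic data |
| hexin-ifind-news | Announcements and news |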

How to call

mcporter call <server>.<tool>

# or use the convenience script
./scripts/query.sh stock "贵州茅台"

Convenience script

./scripts/query.sh stock "贵州茅台"   # stock query
./scripts/query.sh fund "易方达"       # fund query
./scripts/query.sh edb "中国GDP"       # macro data
./scripts/query.sh news "华为公告"      # news

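Stock tools (hexin-ifind-stock)

| Tool | Description |
| --- | --- |
| get_stock_summary | Stock information summary |
| search_stocks | Smart stock screening |
| get_stock_perfomance | Historical quotes and technical indicators |
| get_stock_info | Basic profile lookup |
| get_stock_shareholders | Share capital structure and shareholder data |
| get_stock_financials | Financial data and metrics |
| get_risk_indicators | Risk indicators |
| get_stock_events | Publicly disclosed events |
| get_esg_data | ESG ratings |

Usage examples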

mcporter call hexin-ifind-stock.get_stock_summary query:"贵州茅台财务状况"
mcporter call hexin-ifind-stock.search_stocks query:"新能源汽车行业市值大于1000亿"
mcporter call hexin-ifind-stock.get_stock_perfomance query:"宁德时代最近5日涨跌幅"

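Fund tools (hexin-ifind-fund)

| Tool | Description |
| --- | --- |
| search_funds | Fuzzy fund-name matching |
| get_fund_profile | Basic fund profile |
| get_fund_market_performance | Quotes and performance |
| get_fund_ownership | Shares and holder structure |
| get_fund_portfolio | Investment holdings and asset allocation |
| get_fund_financials | Fund financial metrics |
| get_fund_company_info | Fund company information |

Usage examples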

mcporter call hexin-ifind-fund.search_funds query:"易方达科技ETF"
mcporter call hexin-ifind-fund.get_fund_market_performance query:"富国天惠近一年收益率"

Macro/news tools

# Macroeconomic data
mcporter call hexin-ifind-edb.get_macro_data query:"中国GDP增速"

# News
mcporter call hexin-ifind-news.get_company_news query:"华为最新公告"

Configuration check

mcporter list

API documentation

See references/API.md for detailed API documentation.
