wind-mcp-skill
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: All financial data is retrieved from official Wind Information API endpoints at mcp.wind.com.cn using encrypted HTTPS connections.
- [CREDENTIALS_UNSAFE]: The skill implements secure credential management by sourcing API keys from environment variables or local user-specific configuration files (~/.wind-aimarket/config), ensuring that secrets are not hardcoded.
- [EXTERNAL_DOWNLOADS]: Version checking functionality connects to official vendor repositories on GitHub and Gitee to verify current skill versions. These operations are read-only and limited to metadata retrieval.
- [COMMAND_EXECUTION]: Local shell command usage is restricted to launching a version-check script and opening the vendor's developer portal in a web browser, both of which are standard administrative tasks.
- [DATA_EXFILTRATION]: Outbound network traffic is confined to established financial data services and well-known developer platforms, with no evidence of unauthorized data transmission.
- [SAFE]: Permission requests for filesystem access and child processes are correctly scoped to the skill's operational requirements, such as caching tool definitions and checking for software updates.
Audit Metadata