fund-screener
Audited by Socket on Feb 28, 2026
1 alert found:
Security
No direct malicious code patterns were found in the provided module description. The primary risks are operational and supply-chain: reliance on a BrowserMCP configuration that may contain secrets, transitive trust in an external BrowserMCP provider which can observe and modify scraped data, and brittle free-text parsing used to overwrite authoritative CSV/JSON outputs. If BrowserMCP is operated locally or by a trusted, audited provider and .mcp.json is secured (not checked into VCS, minimal privileges), the tool's risk is moderate and acceptable for research use. Otherwise, treat as elevated risk: audit .mcp.json contents, restrict BrowserMCP to trusted hosts, add strict parsing validation and audit logs, and consider user confirmations before overwriting CSV.