alpflo-openwealth-mcp

v0.1.2 suspicious
5.0
Medium Risk

OpenWealth MCP Server - AI agent integration with Swiss wealth management systems via bLink gateway

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package shows some legitimate signs with low risks in credential harvesting, shell execution, and obfuscation. However, the missing repository and questionable maintainer's history increase the suspicion level.

  • Repository not found
  • Maintainer's history raises concerns
Per-check LLM notes
  • Network: The presence of network calls is likely for legitimate purposes, but requires verification to ensure it's not used for unauthorized data exchange.
  • Shell: No shell execution patterns detected, which is normal and does not indicate immediate risk.
  • Obfuscation: No obfuscation patterns detected, indicating low risk.
  • Credentials: No credential harvesting patterns detected, indicating low risk.
  • Metadata: The package has no typosquatting, email domain, or suspicious links flags, but the repository is not found and the maintainer's history raises concerns.

📦 Package Quality Overall: Medium (5.2/10)

✦ High Test Suite 9.0

Test suite present — 10 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 10 test file(s) detected (e.g. conftest.py)
◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/alpflo/openwealth-mcp/blob/main/README.md
  • Detailed PyPI description (7792 chars)
○ Low Contributing Guide 2.0

No contributing guide or governance files found

  • No CONTRIBUTING, CODE_OF_CONDUCT, or governance files found
◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Type checker (mypy / pyright / pytype) referenced in project
  • 31 type-annotated function signatures detected in source
○ Low Multiple Contributors 1.0

Could not retrieve contributor data from GitHub

  • GitHub API error: 404

🔬 Heuristic Checks

Outbound Network Calls score 3.0

Found 2 network call pattern(s)

  • self._http_client = httpx.AsyncClient(timeout=30.0) return self._http_client async de
  • self._http_client = httpx.AsyncClient( base_url=self.base_url, tim
Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting

No credential harvesting patterns detected

Typosquatting

No typosquatting candidates detected

Registered Email Domain

Email domain looks legitimate: alpflo.dev>

Suspicious Page Links

All external links appear legitimate

Git Repository History score 3.0

Repository not found (deleted or private)

  • Repository not found (deleted or private)
Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)
Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with alpflo-openwealth-mcp 
Develop a mini-application named 'WealthInsight' using the Python package 'alpflo-openwealth-mcp'. This application aims to provide users with personalized financial insights and recommendations based on their investment portfolios managed through Swiss wealth management systems. The app will integrate with these systems via the bLink gateway, allowing it to fetch real-time data and perform advanced analytics.

Key Features:
1. User Authentication: Implement secure user login functionality to ensure only authorized users can access their portfolio data.
2. Portfolio Overview: Display a summary of the user's investment portfolio including assets, total value, and performance metrics.
3. Real-Time Data Fetching: Utilize 'alpflo-openwealth-mcp' to connect with the bLink gateway and retrieve real-time financial data from the user's account.
4. Risk Assessment: Analyze the portfolio risk level based on historical data and current market conditions, providing a visual representation of the risk profile.
5. Custom Recommendations: Offer personalized investment advice tailored to the user's risk tolerance and financial goals, suggesting potential adjustments to the portfolio.
6. Notifications: Send alerts to users about significant changes in their portfolio value or market trends that could impact their investments.
7. Historical Performance Analysis: Allow users to view the historical performance of their investments over various time periods.

Steps to Develop WealthInsight:
1. Set up a development environment with Python and install the necessary dependencies including 'alpflo-openwealth-mcp'.
2. Design the database schema to store user information, authentication tokens, and portfolio data securely.
3. Implement the user authentication system ensuring data encryption and secure storage of credentials.
4. Integrate 'alpflo-openwealth-mcp' into the application to establish a connection with the bLink gateway and fetch real-time financial data.
5. Develop algorithms to calculate portfolio metrics such as total value, asset distribution, and performance ratios.
6. Create a risk assessment module that evaluates the portfolio against predefined criteria and presents the results graphically.
7. Build a recommendation engine that suggests portfolio adjustments based on user preferences and market analysis.
8. Add a notification system that sends updates to users via email or SMS about critical portfolio events.
9. Provide tools for users to analyze historical performance data, helping them make informed decisions.
10. Test the application thoroughly to ensure all features work as expected and fix any bugs identified during testing.

By following these steps and utilizing the capabilities provided by 'alpflo-openwealth-mcp', you'll create a powerful tool that empowers users to better understand and manage their financial investments.