asic-mcp

v0.6.18 suspicious
7.0
High Risk

MCP server for Australian Securities and Investments Commission registers. Plain-English access to financial advisers, AFS licensees, credit licensees, banned and disqualified persons and organisations, and registered liquidators via data.gov.au.

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant credential risk indicators and lacks a public git repository, suggesting potential security concerns. However, no direct evidence of malicious intent is present.

  • High credential risk
  • Unverified maintainer and missing git repository

Per-check LLM notes
  • Network: The use of an HTTP client suggests network communication, which is common for packages needing to fetch remote resources.
  • Shell: No shell execution patterns detected.
  • Obfuscation: No obfuscation patterns detected that indicate malicious activity.
  • Credentials: Multiple patterns suggest potential credential harvesting attempts, including paths to sensitive files and encoded strings.
  • Metadata: The maintainer has only one package and the git repository is not found, raising some suspicion but not conclusive evidence of malice.

📦 Package Quality Overall: Medium (5.6/10)

✦ High Test Suite 9.0

Test suite present — 18 test file(s) found

  • Test runner config found: conftest.py
  • Test runner config found: pyproject.toml
  • 18 test file(s) detected (e.g. conftest.py)

◈ Medium Documentation 7.0

Some documentation present

  • Documentation URL: "Documentation" -> https://github.com/Bigred97/asic-mcp#readme
  • Detailed PyPI description (11899 chars)

○ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta

◈ Medium Type Annotations 7.0

Partial type annotation coverage

  • Classifier: Typing :: Typed
  • 116 type-annotated function signatures detected in source

○ Low Multiple Contributors 1.0

Could not retrieve contributor data from GitHub

  • GitHub API error: 404

🔬 Heuristic Checks

Outbound Network Calls score 1.5

Found 1 network call pattern(s)

  • Cache() self._http = httpx.AsyncClient( timeout=DEFAULT_TIMEOUT, transport=

Code Obfuscation

No obfuscation patterns detected

Shell / Subprocess Execution

No shell execution patterns detected

Credential Harvesting score 10.0

Found 5 credential access pattern(s)

  • : "Right One", "url": "file:///etc/passwd"}], }, }) ) async with ASICClie
  • t(1)</script>", "../../etc/passwd", "../%2e%2e/passwd", "%00", "\x00b
  • arametrize("bad_id", [ "../etc/passwd", "ASIC/FINANCIAL_ADVISERS", "ASIC%20FINANCIAL_ADVI
  • url in ( "file:///etc/passwd", "javascript:alert(1)", "data:text
  • it server.describe_dataset("../etc/passwd") @pytest.mark.asyncio async def test_describe_dataset_em

Typosquatting

No typosquatting candidates detected

Registered Email Domain

No author email provided

Suspicious Page Links

All external links appear legitimate

Git Repository History score 3.0

Repository not found (deleted or private)

  • Repository not found (deleted or private)

Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Harry Vass" appears to have only 1 package on PyPI (new or inactive account)

Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with asic-mcp
Create a mini-application called 'ASIC Advisor Lookup' using the Python package 'asic-mcp'. This application will serve as a user-friendly tool for accessing key information from the Australian Securities and Investments Commission (ASIC) registers. The application should allow users to search for financial advisers, AFS licensees, credit licensees, banned/disqualified persons/organizations, and registered liquidators. Here are the steps and features you should include:

1. **Project Setup**: Set up a basic Python environment with the necessary libraries installed, including 'asic-mcp'. Ensure your development environment supports Python.
2. **User Interface**: Develop a simple command-line interface (CLI) for the application. The CLI should provide clear instructions on how to use the tool and display a menu of options for users to select from.
3. **Search Functionality**: Implement search functionality for each type of entity mentioned above. Users should be able to enter specific keywords or IDs to retrieve relevant information.
4. **Display Results**: Once a search is performed, the application should display the results in a readable format. Include fields such as name, registration number, status, and any other pertinent details available from the ASIC registers.
5. **Error Handling**: Incorporate error handling to manage cases where no results are found or if there's an issue with the API request.
6. **Advanced Features** (Optional): Consider adding advanced features like saving search history, allowing users to export search results into CSV files, or integrating with a web-based frontend for a more interactive experience.

The 'asic-mcp' package will be the backbone of this application, providing the means to interact with the ASIC registers via data.gov.au. Your task is to leverage this package effectively to create a functional, user-friendly tool that enhances accessibility to important regulatory information.
