Package Metadata

Author: Findesk
Email: —
PyPI: findesk-ffd-mcp
Python: >=3.9
Versions: 1 release
First release: 05 Jun 2026, 09:16 UTC
Analysed: 05 Jun 2026, 09:20 UTC
Source files: 5 .py files scanned

Project Links

Documentation Homepage Official MCP Bundle Source

Classifiers

Development Status :: 4 - BetaEnvironment :: ConsoleIntended Audience :: DevelopersIntended Audience :: Financial and Insurance IndustryNatural Language :: Chinese (Simplified)Operating System :: MacOSOperating System :: Microsoft :: WindowsOperating System :: POSIX :: LinuxProgramming Language :: Python :: 3Programming Language :: Python :: 3.10

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits elevated risks in network and shell execution areas, with additional concerns over metadata suggesting recent suspicious activity. These factors collectively raise suspicion about its legitimacy.

High shell risk due to potential for executing arbitrary code
Elevated metadata risk indicating recent suspicious activity

Per-check LLM notes

Network: Network calls may be used for legitimate purposes like updates or telemetry, but the absence of clear documentation raises suspicion.
Shell: Executing shell commands can be risky as it allows running arbitrary code which could lead to system compromise or data exfiltration.
Obfuscation: No obfuscation patterns detected, indicating low risk.
Credentials: No credential harvesting patterns detected, indicating low risk.
Metadata: The recent creation and activity patterns suggest potential risk, indicating possible malicious intent or supply-chain attack.

🔬 Heuristic Checks

⚠ Outbound Network Calls score 3.0

Found 2 network call pattern(s)

int = 60) -> bytes: req = urllib.request.Request(url, headers={"User-Agent": f"findesk-ffd-mcp/{__ver
try: with urllib.request.urlopen(req, timeout=timeout) as resp: retur

✓ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 6.0

Found 3 shell execution pattern(s)

if curl: result = subprocess.run( [curl, "-fsSL", "--retry", "2", "--max-time", s
pt)] try: return subprocess.call(command, env=env) finally: try: scri
r sys.executable result = subprocess.run( [python_cmd, str(server_path), "--version"],

✓ Credential Harvesting

No credential harvesting patterns detected

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

No author email provided

✓ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 7.5

Git history flags: Repository created very recently: 3 day(s) ago (2026-06-02T15:00:16Z)

Repository created very recently: 3 day(s) ago (2026-06-02T15:00:16Z)
Repository has zero stars and zero forks
All 20 commits happened within 24 hours

⚠ Maintainer History score 6.0

3 maintainer concern(s) found

Only one version has ever been released — brand new package
Package uploaded less than 24 hours ago (2026-06-05T09:16:06.000Z)
Author "Findesk" appears to have only 1 package on PyPI (new or inactive account)