Is Akshare One MCP server safe?
akshare-one-mcp is an AI python_package analyzed by SkillTotal's deterministic static scanner. The scan found no malicious indicators, though 2 risky constructs are reported for review. It can: mcp tools detected — capabilities are what the code can do, not a verdict on intent. Risk score 10/100 (low).
akshare-one-mcp 0.3.9
- Server bound to all network interfaces
- MCP tool surface detected
No malicious indicators found by static analysis.
Findings (2)
A server is bound to all network interfaces (0.0.0.0), not just your own machine.
"--host", default="0.0.0.0", help="Host to bind to (default: 0.0.0.0)"
Why it matters: Without authentication, other hosts on the network can reach it.
Fix: Bind to 127.0.0.1 for local-only use, or require authentication and restrict access if remote exposure is intended.
An MCP tool surface (manifest or tool definitions) was found.
mcp = FastMCP(name="akshare-one-mcp")
@mcp.tool
@mcp.tool
@mcp.tool
@mcp.tool
@mcp.tool
@mcp.tool
@mcp.tool
@mcp.tool
@mcp.tool
Why it matters: Just context — review which tools it offers and their permissions.
Fix: Review the declared MCP tools and their permissions.
Check your own component
Run the same evidence-backed scan on any MCP server, agent skill, or package.
Scan your own componentOr get notified if this component's risk changes:
How we determine this: deterministic static analysis (regex + AST), evidence-anchored, no code execution. Methodology →