{
  "trust": {
    "tier": "Dangerous",
    "emoji": "🔴",
    "description": "Multiple critical issues — do not install without thorough manual review",
    "score": 20
  },
  "format": "skill",
  "skill": {
    "name": "finam",
    "description": "Execute trades, manage portfolios, access real-time market data, browse and search market assets, scan volatility, and answer questions about Finam Trade API",
    "version": null,
    "slug": "finam"
  },
  "scores": {
    "security": 0,
    "transparency": 7,
    "maintenance": 7,
    "overall": 2
  },
  "permissions": {
    "summary": "Requires 2 environment variables (1 sensitive: FINAM_API_KEY) and 3 system binaries (1 elevated: curl).",
    "environmentVariables": [
      {
        "name": "FINAM_API_KEY",
        "risk": "high"
      },
      {
        "name": "FINAM_ACCOUNT_ID",
        "risk": "low"
      }
    ],
    "binaries": [
      {
        "name": "curl",
        "risk": "high"
      },
      {
        "name": "jq",
        "risk": "medium"
      },
      {
        "name": "python3",
        "risk": "low"
      }
    ],
    "envVarCount": 2,
    "requiredBinCount": 3
  },
  "compoundThreats": [],
  "permissionIntegrity": [],
  "capabilities": [
    "network_out",
    "credential_access"
  ],
  "findings": [
    {
      "severity": "critical",
      "category": "credentials",
      "description": "Possible hardcoded credential — the matched sample reads like a documentation placeholder; confirm that no real key is committed",
      "zone": "code",
      "zoneContext": "instruction",
      "file": "SKILL.md",
      "downgraded": false,
      "sample": "API_KEY=\"your_api_key_here",
      "owasp": [
        "LLM02"
      ],
      "owaspAsi": [
        "ASI03"
      ],
      "confidence": "pattern"
    },
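    {
      "severity": "critical",
      "category": "shell_injection",
      "description": "Pipe-to-python pattern — remote code execution risk if the interpreter runs the fetched content rather than parsing it; the sample ends at the interpreter name, so check the full command in SKILL.md",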
      "zone": "code",
      "zoneContext": "instruction",
      "file": "SKILL.md",
      "downgraded": false,
      "sample": "curl -sL \"https://www.finam.ru/analysis/conews/rsspoint/\" | python",
      "owasp": [
        "LLM05",
        "LLM06"
      ],
      "owaspAsi": [
        "ASI02",
        "ASI05"
      ],
      "confidence": "pattern"
    },
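    {
      "severity": "critical",
      "category": "shell_injection",
      "description": "Pipe to python — piped content runs as Python code when the interpreter is invoked without a script or -c argument; the sample shows only the pipe, so check the full command in SKILL.md",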
      "zone": "code",
      "zoneContext": "instruction",
      "file": "SKILL.md",
      "downgraded": false,
      "sample": "| python3",
      "owasp": [
        "LLM05",
        "LLM06"
      ],
      "owaspAsi": [
        "ASI02",
        "ASI05"
      ],
      "confidence": "pattern"
    },
    {
      "severity": "critical",
      "category": "obfuscation",
      "description": "Unicode homoglyph detected — lookalike characters can be used to evade pattern matching; no sample was captured, so inspect the file to confirm",
      "zone": "prose",
      "zoneContext": "documentation",
      "file": "assets/exchanges.json",
      "downgraded": false,
      "sample": "",
      "owasp": [
        "LLM01",
        "LLM03"
      ],
      "owaspAsi": [
        "ASI04",
        "ASI10"
      ],
      "confidence": "pattern"
    },
    {
      "severity": "low",
      "category": "network",
      "description": "Python urllib.request — network access",
      "zone": "prose",
      "zoneContext": "documentation",
      "file": "scripts/utils.py",
      "downgraded": true,
      "sample": "urllib.request",
      "owasp": [
        "LLM02",
        "LLM06"
      ],
      "owaspAsi": [
        "ASI03",
        "ASI07"
      ],
      "confidence": "pattern"
    },
    {
      "severity": "low",
      "category": "credentials",
      "description": "Python os.environ.get — reads environment variable",
      "zone": "prose",
      "zoneContext": "documentation",
      "file": "scripts/utils.py",
      "downgraded": true,
      "sample": "os.environ.get(",
      "owasp": [
        "LLM02"
      ],
      "owaspAsi": [
        "ASI03"
      ],
      "confidence": "pattern"
    }
  ],
  "summary": {
    "total": 6,
    "critical": 4,
    "high": 0,
    "medium": 0,
    "low": 2,
    "compoundThreats": 0,
    "integrityIssues": 0
  },
  "trustSignals": {
    "positive": [
      {
        "signal": "described",
        "positive": true,
        "detail": "Has meaningful description"
      },
      {
        "signal": "documented",
        "positive": true,
        "detail": "SKILL.md has substantial documentation"
      }
    ],
    "negative": [
      {
        "signal": "versioned",
        "positive": false,
        "detail": "No version declared"
      }
    ]
  },
  "files": {
    "hasExecutableCode": true,
    "executableFiles": [
      "scripts/asset_search.py",
      "scripts/utils.py",
      "scripts/volatility.py"
    ],
    "totalFiles": 10
  },
  "humanSummary": "finam scores 20/100 (Dangerous). It requires 2 env vars and 3 binaries. 4 critical pattern matches (3 in the code zone, 1 in the prose zone).",
  "auditedAt": "2026-04-25T08:39:07.301Z",
  "vtEnrichment": {
    "checked": 3,
    "flagged": 0,
    "urls": [
      {
        "url": "https://tradeapi.finam.ru",
        "malicious": 0,
        "suspicious": 0,
        "engines": 94,
        "cached": false
      },
      {
        "url": "https://api.finam.ru",
        "malicious": 0,
        "suspicious": 0,
        "engines": 91,
        "cached": false
      },
      {
        "url": "https://api.finam.ru/v1/accounts/{accountId",
        "malicious": 0,
        "suspicious": 0,
        "engines": 0,
        "cached": false
      }
    ]
  }
}