{
  "slug": "yahoo-finance",
  "tool_id": "pip/mcp-yahoo-finance",
  "tool_name": "mcp-yahoo-finance",
  "source_type": "pip",
  "source_ref": "mcp-yahoo-finance",
  "version": "0.1.3",
  "commit": "",
  "dist_shasum": "",
  "version_pin": "Pinned to mcp-yahoo-finance@0.1.3, published 2025-05-16. This verdict applies to that exact version; a newer release would require a re-scan.",
  "scanned_at": "2026-06-14T00:00:00Z",
  "method": "Installed and run in an isolated container; fed traceable decoy data; all outbound traffic intercepted (TLS broken via own CA, iptables transparent redirect). Endpoints, resolved geo/jurisdiction and frequency are observed facts. Capture self-test passed.",
  "capture": "verified",
  "integrity": {
    "result": "honest",
    "note": "Observed behaviour matches the tool's stated function; the egress above is the tool doing its advertised job. 'honest' is the integrity axis — it does NOT imply the data flow is irrelevant; see the data-flow axis and jurisdiction."
  },
  "data_flow": {
    "egress_observed": true,
    "notable": true,
    "summary": "Sends data to fc.yahoo.com, finance.yahoo.com, guce.yahoo.com, query1.finance.yahoo.com, query2.finance.yahoo.com (US, jurisdiction tier 2) as its core function. No telemetry, analytics or error-reporting side-channel was found (full source + dependency-tree review). Where your data goes is determined by the tool's stated purpose, not by a hidden observability channel.",
    "destinations": [
      {
        "host": "fc.yahoo.com",
        "country": "US",
        "jurisdiction_tier": 2,
        "flow_class": "session",
        "required_for_function": true,
        "disclosed": "by_purpose",
        "request_count_observed": 31,
        "frequency": "on launch and on every tool call",
        "kind": "Yahoo cookie/crumb handshake performed by yfinance to obtain a session (Yahoo-owned)",
        "vendor": "Yahoo"
      },
      {
        "host": "query1.finance.yahoo.com",
        "country": "US",
        "jurisdiction_tier": 2,
        "flow_class": "functional",
        "required_for_function": true,
        "disclosed": "by_purpose",
        "request_count_observed": 17,
        "frequency": "on launch and on every tool call",
        "kind": "quote/financial-data API (ticker + date args)",
        "vendor": "Yahoo"
      },
      {
        "host": "query2.finance.yahoo.com",
        "country": "US",
        "jurisdiction_tier": 2,
        "flow_class": "functional",
        "required_for_function": true,
        "disclosed": "by_purpose",
        "request_count_observed": 12,
        "frequency": "on launch and on every tool call",
        "kind": "quote/financial-data API (ticker + date args)",
        "vendor": "Yahoo"
      },
      {
        "host": "guce.yahoo.com",
        "country": "US",
        "jurisdiction_tier": 2,
        "flow_class": "session",
        "required_for_function": true,
        "disclosed": "by_purpose",
        "request_count_observed": 10,
        "frequency": "on launch and on every tool call",
        "kind": "Yahoo consent/session handshake (Yahoo-owned, part of the yfinance session setup)",
        "vendor": "Yahoo"
      },
      {
        "host": "finance.yahoo.com",
        "country": "US",
        "jurisdiction_tier": 2,
        "flow_class": "functional",
        "required_for_function": true,
        "disclosed": "by_purpose",
        "request_count_observed": 2,
        "frequency": "during the run",
        "kind": "financial-data fetch",
        "vendor": "Yahoo"
      }
    ],
    "jurisdiction_context": "Tier 2 = third country (e.g. US): transferring EU personal data to a third country requires a transfer basis under GDPR Art. 44-49 (e.g. SCCs / EU-US Data Privacy Framework) — an obligation on you, the deployer; the tool gives no control over this flow. This is the applicable framework, not a finding that the tool violates it.",
    "classification": "Each destination is classified FUNCTIONAL (the tool's advertised job requires the call — a neutral fact about where your data goes), SESSION/AUTH (handshake with the same operator), or TELEMETRY/ERROR_REPORTING (an observability side-channel not required for the function). Disclosure is judged across the tool's full public doc surface, not just its README, and any 'undisclosed telemetry' finding is adversarially refuted before it is asserted."
  },
  "disclosure": {
    "status": "functional",
    "evidence": {
      "read": [
        "PyPI sdist source",
        "uv.lock full transitive set grep (zero observability matches)",
        "yfinance dependency behaviour"
      ],
      "quote": "",
      "match": "No third-party telemetry, analytics or error-reporting: zero matches across the extracted sdist and the full transitive dependency set (uv.lock) for all common observability SDKs; the package has no HTTP/socket code of its own. Every destination is Yahoo-owned and reached through the yfinance dependency: the quote endpoints plus Yahoo's own cookie/crumb (fc.yahoo.com) and consent (guce.yahoo.com) handshake that yfinance performs to obtain a session. No separate vendor receives the data.",
      "residual_gap": "Disclosure is by stated purpose only — the package has no formal privacy/data-flow statement. Note neutrally: yfinance is an unofficial Yahoo scraper, but every host is Yahoo infrastructure."
    }
  },
  "severity": {
    "grade": "none",
    "axis": "integrity axis only (undeclared exfiltration). Functional egress and disclosed metadata are reported as neutral facts and are not graded here."
  },
  "evidence": {
    "capture_self_test": "verified — a beacon decoy was emitted from the tool's network context; its presence in the intercept means a 'no egress' result would have been trustworthy.",
    "observed_request": {
      "method": "GET",
      "url": "https://fc.yahoo.com/",
      "count": 31,
      "headers": {
        "user-agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36"
      },
      "tls": "intercepted (the tool's HTTPS was terminated against the sandbox CA; the egress was then blocked by strict-egress, but the full request was captured)",
      "payload_fields": [],
      "payload_sample": "",
      "payload_note": "Captured in the sandbox run. payload_fields is the union of payload fields observed across the run; any distinct_id (a persistent machine identifier) or write-only, public-by-design ingestion key present in a captured payload is truncated above."
    },
    "reproduce": {
      "scanner": "canary-sandbox (open methodology; Docker backend)",
      "command": "python -m canary.cli scan <target> --backend docker   # target: pip mcp-yahoo-finance@0.1.3",
      "note": "Re-run it yourself: the scanner installs the pinned version, drives the tool over MCP, and intercepts all egress."
    }
  },
  "scope_stamp": {
    "method": "declared-vs-observed",
    "subject_model": "cooperative-tool",
    "statement": "Compares the tool's declared destinations against what was observed in one sandbox run. Checks transparency / integrity for a cooperative tool, NOT resistance to deliberate evasion.",
    "out_of_scope": [
      "exfiltration split/chunked across requests",
      "tool-side encryption of the payload before egress",
      "input/time/state-triggered processing not triggered in the run"
    ],
    "interpretation": "\"honest\"/\"clean\" means \"observed without deviation within our reach\", NOT \"guaranteed no hidden egress\"."
  },
  "status": "provisional",
  "disclaimer": "AUTOMATED — forensic confirmation pending. A preliminary, fact-based flag, not a judgment that the tool is unlawful or unsafe.",
  "evidence_url": "/verdict/yahoo-finance/evidence.json",
  "content_hash": "sha256:cd87e29e18924a56fdd83698f4d40e77a2eb4f3a1024ba51c05e6e4b47e8d48f",
  "signature": "ed25519:h91jioF9KPFqtJ9Vd/7+Tffgx5PiB5Xd/DatFkGPLupddWakZ7CnADKpFem2lXgYI+2ATPFcD7kZMWUMo70yCg==",
  "signature_alg": "Ed25519 over content_hash",
  "public_key_url": "/pubkey.pem",
  "signed_by": "sha256:49cf8457b42a7048",
  "reconciled": {
    "method": "captured egress (sandbox) + verified disclosure audit (full-doc-surface research with adversarial refutation)",
    "audit_run": "wf_140613cf-5c4"
  },
  "last_checked": "2026-06-14",
  "pin_status": "current",
  "categories": {
    "domain": "finance",
    "data_flow": "functional-egress",
    "jurisdiction": [
      "US"
    ],
    "status": "published",
    "source": "pip"
  },
  "observations": [
    {
      "scanned_at": "2026-06-14T00:00:00Z",
      "version": "0.1.3",
      "commit": "",
      "finding": "functional-egress",
      "integrity": 100,
      "evidence_coverage": 100,
      "egress_hosts": [
        "fc.yahoo.com",
        "query1.finance.yahoo.com",
        "query2.finance.yahoo.com",
        "guce.yahoo.com",
        "finance.yahoo.com"
      ],
      "content_hash": "sha256:cd87e29e18924a56fdd83698f4d40e77a2eb4f3a1024ba51c05e6e4b47e8d48f"
    }
  ],
  "observation_count": 1,
  "first_seen": "2026-06-14T00:00:00Z",
  "claims": [
    {
      "basis": "observed",
      "statement": "The tool sent 31 request(s) to fc.yahoo.com.",
      "support": "Captured in the sandbox run (published redacted in the evidence artifact); re-run the scan to reproduce.",
      "confidence": "high"
    },
    {
      "basis": "classified",
      "statement": "fc.yahoo.com is classified as session (required for the tool's advertised function).",
      "support": "Adversarially reviewed.",
      "confidence": "high"
    },
    {
      "basis": "observed",
      "statement": "The tool sent 17 request(s) to query1.finance.yahoo.com.",
      "support": "Captured in the sandbox run (published redacted in the evidence artifact); re-run the scan to reproduce.",
      "confidence": "high"
    },
    {
      "basis": "classified",
      "statement": "query1.finance.yahoo.com is classified as functional (required for the tool's advertised function).",
      "support": "Adversarially reviewed.",
      "confidence": "high"
    },
    {
      "basis": "observed",
      "statement": "The tool sent 12 request(s) to query2.finance.yahoo.com.",
      "support": "Captured in the sandbox run (published redacted in the evidence artifact); re-run the scan to reproduce.",
      "confidence": "high"
    },
    {
      "basis": "classified",
      "statement": "query2.finance.yahoo.com is classified as functional (required for the tool's advertised function).",
      "support": "Adversarially reviewed.",
      "confidence": "high"
    },
    {
      "basis": "observed",
      "statement": "The tool sent 10 request(s) to guce.yahoo.com.",
      "support": "Captured in the sandbox run (published redacted in the evidence artifact); re-run the scan to reproduce.",
      "confidence": "high"
    },
    {
      "basis": "classified",
      "statement": "guce.yahoo.com is classified as session (required for the tool's advertised function).",
      "support": "Adversarially reviewed.",
      "confidence": "high"
    },
    {
      "basis": "observed",
      "statement": "The tool sent 2 request(s) to finance.yahoo.com.",
      "support": "Captured in the sandbox run (published redacted in the evidence artifact); re-run the scan to reproduce.",
      "confidence": "high"
    },
    {
      "basis": "classified",
      "statement": "finance.yahoo.com is classified as functional (required for the tool's advertised function).",
      "support": "Adversarially reviewed.",
      "confidence": "high"
    },
    {
      "basis": "inferred",
      "statement": "The repeated requests suggest the flow fires on launch and on each tool call.",
      "support": "31 requests in one run — an inferred pattern, not proven across launches.",
      "confidence": "medium"
    },
    {
      "basis": "classified",
      "statement": "Disclosure status: functional.",
      "support": "No third-party telemetry, analytics or error-reporting: zero matches across the extracted sdist and the full transitive dependency set (uv.lock) for all common observability SDKs; the package has no HTTP/socket code of its own. Every destination is Yahoo-owned and reached through the yfinance dependency: the quote endpoints plus Yahoo's own cookie/crumb (fc.yahoo.com) and consent (guce.yahoo.com) handshake that yfinance performs to obtain a session. No separate vendor receives the data.",
      "confidence": "high"
    }
  ],
  "tier": "evidence-backed",
  "schema_version": "claims-1.0"
}