AgentReadyHomeAgent Listing

← MCP yfinance Server (9nate-drake)

MCP yfinance Server (9nate-drake) — agentic threat model

4.3AIVSS 4.3 · Medium

The MCP yfinance Server has a very low risk profile due to its read-only nature and reliance on public data with no credentials. The primary risk is downstream, where other agents relying on its unverified market data could make flawed financial decisions if the data is manipulated or inaccurate.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 4.0AARS uplift 0.34Factor sum 0.6/10Threat ×0.95Mitigation ×1.0
Autonomy of Action
0.10
Goal-Driven Planning
0.00
Self-Modification
0.00
Dynamic Tool Use
0.10
Persistent Memory
0.00
Contextual Awareness
0.10
Dynamic Identity
0.00
Multi-Agent Interactions
0.00
Non-Determinism
0.20
Opacity & Reflexivity
0.10

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models⚠ not certain from listing

Not certain from the listing — This is an MCP tool server rather than a foundation model. However, the calling LLM could be susceptible to prompt injection that forces it to misinterpret or hallucinate the financial data returned by this server.

L2 · Data Operations✓ mapped

The server fetches live, unverified market data from Yahoo Finance via the yfinance library. The primary threat is data poisoning or upstream manipulation of Yahoo Finance data, which is passed directly to the agent without verification.

L3 · Agent Frameworks✓ mapped

Exposes read-only tools via the Model Context Protocol (MCP). Threats include input validation failures if the calling agent passes malformed ticker symbols, or framework-level vulnerabilities if the tool's JSON output is not properly parsed.

L4 · Deployment & Infrastructure⚠ not certain from listing

Not certain from the listing — The deployment environment (local or cloud container) is not specified. Standard infrastructure threats like local network exposure or dependency vulnerabilities in the underlying python-yfinance package apply.

L5 · Evaluation & Observability⚠ not certain from listing

Not certain from the listing — There is no mention of built-in logging, rate-limiting, or output guardrails. Downstream agents must implement their own validation to detect anomalous or drifted market data.

L6 · Security & Compliance (cross-cutting)✓ mapped

The tool is entirely read-only and requires no API keys or authentication. While this eliminates credential theft risks, it lacks access controls, audit trails, or policy enforcement to govern which agents can query the data.

L7 · Agent Ecosystem✓ mapped

Designed to integrate into broader agent ecosystems via MCP. A compromised or rogue agent could abuse this tool to spam requests (leading to IP bans by Yahoo Finance) or propagate unverified financial data to trigger cascading automated trading failures.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).