mcp-setup
Audited by Socket on Feb 15, 2026
1 alert found:
Malware [Skill Scanner]: Installation of third-party script detected

All findings:
- [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]
- [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

This is documentation and examples for setting up MCP servers; the code examples themselves are benign and consistent with the stated purpose. However, the instructions encourage high-risk practices: using npx -y to fetch and execute unpinned npm packages, storing sensitive tokens in JSON configuration files, and passing credentials directly into subprocesses without guidance on least privilege or isolation. These operational patterns can enable supply-chain credential-harvesting or code-execution attacks if the referenced server packages or the npm registry are compromised.

Recommendation: treat the examples as potentially dangerous in production — require pinned versions, provenance checks, least-privilege tokens, sandboxing/unprivileged accounts or containers for third-party servers, and warnings about storing secrets in plaintext config/logs.

LLM verification: The artifact is documentation and example code for MCP server setup. It is not itself intentionally malicious or obfuscated, but it promotes operational practices that significantly increase supply-chain and credential-exfiltration risk: unpinned npx/npm installs, storing long-lived secrets in config/env, and passing broad filesystem/DB access to third-party packages. Treat this as a moderate-to-high supply-chain security risk unless mitigations are applied (pin versions/checksums, sandbox serve