mcp-installer
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUM
Finding categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill extracts and configures npx commands from unverified GitHub projects. This allows external third-party code to be installed and executed within the agent environment without adequate verification of the source code.
- [COMMAND_EXECUTION]: The skill writes executable command strings directly into the sensitive ~/.claude.json configuration file. These commands are subsequently executed by the host agent during the startup of the Model Context Protocol servers.
- [EXTERNAL_DOWNLOADS]: The workflow relies on searching for and downloading package configurations from arbitrary GitHub repositories. It facilitates the installation of remote NPM packages via npx without a mechanism to verify package integrity.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
  - Ingestion points: Uses mcp__github__get_file_contents to read README.md files from external repositories.
  - Boundary markers: None specified to prevent the agent from following instructions embedded within the third-party documentation.
  - Capability inventory: Has the ability to write to local configuration files (~/.claude.json), leading to persistent command execution.
  - Sanitization: None provided for the command arguments or environment variables extracted from the remote content.
Audit Metadata