mcp-installer
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUM
Flags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill extracts 'npx' commands directly from GitHub project READMEs and adds them to the '~/.claude.json' configuration file. These commands are subsequently executed by the agent environment, creating a direct path for remote code execution from untrusted sources found via search.
- [COMMAND_EXECUTION]: The skill facilitates the execution of arbitrary command-line arguments (args) provided by external packages without validating their safety or origin.
- [EXTERNAL_DOWNLOADS]: Fetches content from various GitHub repositories to determine installation and configuration parameters.
- [DATA_EXPOSURE]: Accesses and modifies '~/.claude.json' (or '%USERPROFILE%.claude.json' on Windows). This file is sensitive as it may contain existing API keys, access tokens, and configurations for other integrated services.
- [INDIRECT_PROMPT_INJECTION]: The skill exhibits a high attack surface for indirect prompt injection.
  - Ingestion points: README files and repository metadata fetched from GitHub search results.
  - Boundary markers: Absent. The skill does not implement delimiters or safety warnings when processing extracted content.
  - Capability inventory: Uses 'Read' and 'Write' tools to modify system-level configuration files that trigger command execution.
  - Sanitization: Absent. The skill assumes the extracted 'npx' arguments and package names are safe to append to the local configuration.
Audit Metadata