mcp-installer

Warn

Audited by Socket on Mar 13, 2026

1 alert found:

Security

SecuritySKILL.md

MEDIUM

SecurityMEDIUM

SKILL.md

SUSPICIOUS: 该技能目的与读取/写入 Claude 配置基本一致，但核心行为是从GitHub README信任并安装任意第三方 MCP 的 `npx -y @latest` 配置，属于明显的供应链与外部内容信任风险。没有明确的凭证窃取或外传证据，因此更像高风险易受攻击技能，而非确认恶意。

Confidence: 87%Severity: 78%

Audit Metadata

Analyzed At

Mar 13, 2026, 07:01 AM

Package URL

pkg:socket/skills-sh/aAAaqwq%2FAGI-Super-Team%2Fmcp-installer%2F@613a17917bf63eaefa73f153622ef59963de4649