mcp-manager
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or behaviors were detected in the skill's code or metadata.
- [COMMAND_EXECUTION]: The script `scripts/health_check.py` uses `subprocess.run` to execute the `which` command. This is used solely to verify the existence of configured MCP server executables on the system path, which is a safe and common administrative check.
- [DATA_EXFILTRATION]: The skill accesses `~/.claude.json` to manage MCP server settings. The analysis confirmed that this access is local-only and necessary for the skill's primary management functions, with no evidence of data being transmitted externally.
- [INDIRECT_PROMPT_INJECTION]:
  - Ingestion points: User-provided task descriptions are processed by the `recommend` command in `scripts/mcp_manager.py`.
  - Boundary markers: No explicit boundary markers are present in the recommendation logic.
  - Capability inventory: Subprocess execution is limited to environmental checks (`which`).
  - Sanitization: The input is used for string-based matching against a static capability library, which does not present a path for command injection or agent subversion.
Audit Metadata