mcp-manager
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill uses `subprocess.run` within `scripts/health_check.py` to verify binary presence using the `which` command. This is implemented using a list of arguments, which prevents shell injection attacks.
- DATA_EXPOSURE (SAFE): The scripts access the local `~/.claude.json` file to identify configured MCP servers. While this file can contain API tokens, the skill processes this information only for local management and does not contain any network communication or exfiltration logic.
- INDIRECT_PROMPT_INJECTION (SAFE): This skill has an ingestion surface for data from local configuration files.
  - Ingestion points: Reads `~/.claude.json` in `scripts/health_check.py` and `scripts/mcp_manager.py`.
  - Boundary markers: None; the script assumes a valid JSON structure from the local config.
  - Capability inventory: Limited to file read/write and existence checks via `subprocess.run(['which', ...])`.
  - Sanitization: No specific sanitization of the command strings retrieved from the config, but the impact is minimized by using non-shell execution.
Audit Metadata