mcp-builder

Warn

Audited by Socket on Feb 22, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

[Skill Scanner] Skill defers behavior to remote content fetched at runtime

All findings:
[HIGH] autonomy_abuse: Skill defers behavior to remote content fetched at runtime (AU005) [AITech 1.2]
[HIGH] autonomy_abuse: Skill defers behavior to remote content fetched at runtime (AU005) [AITech 1.2]

This is a documentation/guide skill for building MCP servers. It reads several external documentation URLs and local reference files but contains no code that executes, downloads executables, harvests credentials, or forwards data to third-party endpoints. The content is internally consistent with its stated purpose and presents low supply-chain risk based on the provided fragment.

LLM verification: The skill fragment is a descriptive development guide for MCP servers. Its capabilities align with its stated purpose. The only notable risk is the recommended runtime remote content fetching (WebFetch) to load protocol/docs, which introduces a dependency on external content at execution time. There are no credentials, no data exfiltration, and no executable payloads in the fragment. Treat as BENIGN with caution due to remote content dependency.

Confidence: 80%
Severity: 50%

Audit Metadata
Analyzed At: Feb 22, 2026, 08:36 PM
Package URL: pkg:socket/skills-sh/AizenvoltPrime%2Fclaude-compass%2Fmcp-builder%2F@f3e0112ece57b607c0f78436af6a27c7a8377922