deepwiki

Overall, the DeepWiki MCP skill appears benign with respect to its stated purpose of reading public GitHub repo documentation and performing Q&A. The primary concern is the transitive dependency on the mcporter skill to execute MCP calls, which introduces a trust chain and potential hidden data flows. No explicit credential handling or write/exfiltration is described, and public-data access aligns with the stated scope. Treat the transitive loading as a medium risk due to potential broadened permissions and data exposure from the loaded skill.