mcp-convert

Warn

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: MEDIUM (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill accesses the file ~/.claude.json, which is a configuration file used by Claude Code that typically stores sensitive environment variables, authentication tokens, and API keys. These credentials are extracted and displayed in the terminal output when the skill runs in dry-run or export modes.
  • [COMMAND_EXECUTION]: The bundled script scripts/convert_claude_to_codex.py uses the subprocess module to execute system commands, specifically calling the codex CLI to add or remove MCP server configurations.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of local configuration data.
      • Ingestion points: Configuration is read from ~/.claude.json.
      • Boundary markers: The skill utilizes AskUserQuestion to require user consent before applying changes to the system.
      • Capability inventory: The skill can execute codex mcp add, which allows for the registration and subsequent execution of arbitrary binaries defined in the configuration file.
      • Sanitization: While the script uses shlex.quote for display purposes, it does not perform validation or sanitization on the command paths or arguments retrieved from the JSON configuration before passing them to subprocess.run.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 18, 2026, 06:45 AM