mcp-server-security
Fail
Audited by Snyk on Mar 27, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). The list mixes safe, official API endpoints (api.github.com, registry.npmjs.org) with multiple high-risk targets (attacker-controlled domain evil.com, cloud metadata 169.254.169.254, localhost/internal IPs and internal collector endpoints) that—while not direct .exe downloads—are strong indicators of SSRF/data-exfiltration and potential malicious use, so the overall set is moderately to highly suspicious.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill includes explicit root-level operations and state-changing instructions (editing /etc/nginx, writing certs under /etc/ssl, unshare/mount commands, useradd in Dockerfile, CREATE ROLE in SQL, remounting filesystems) that require sudo/root and would modify the machine's state.
Issues (2)
- E005 (CRITICAL): Suspicious download URL detected in skill instructions.
- W013 (MEDIUM): Attempt to modify system services in skill instructions.