mcp

Warn

Audited by Socket on Feb 24, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] [Documentation context] Backtick command substitution detected

This skill/documentation is a legitimate template for building MCP servers. It contains normal high-risk capabilities for this class of software (database access, filesystem reads, network requests) and includes sensible admonitions (validate inputs, avoid exposing secrets). The primary security concerns are operational: storing sensitive credentials in local config files, weak example SQL validation, and the potential to accidentally expose secrets in tool responses. There is no direct evidence of malicious intent or obfuscation in the provided code, but operators must apply standard hardening (least privilege DB roles, strict SQL parsing or use of query parameterization, restrict filesystem paths, and whitelist outbound network destinations).

LLM verification: [LLM Escalated] The code and documentation correctly demonstrate building an MCP server exposing tools to an AI agent. There is no evidence of overtly malicious behavior in the provided fragment. However, several moderate security and supply-chain risks exist: unpinned dependencies, insecure handling of credentials (placing DATABASE_URL in desktop config), naive SQL validation allowing potentially broad data exfiltration, and examples that encourage returning raw filesystem or database contents to the agent. Be

Confidence: 80%
Severity: 75%
Audit Metadata
Analyzed At
Feb 24, 2026, 12:32 PM
Package URL
pkg:socket/skills-sh/cerico%2Fmacfair%2Fmcp%2F@cf83e7d3ae824d4c76b281684016b1f70277225a