axiom-asc-mcp

[Skill Scanner] Skill instructions include directives to hide actions from user All findings: [HIGH] autonomy_abuse: Skill instructions include directives to hide actions from user (BH009) [AITech 13.3] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] This SKILL is a legitimate-looking integration describing use of a third-party CLI (asc-mcp) to automate App Store Connect tasks. The documentation itself contains no direct malware or obfuscated code, and its requested credentials (Key ID, Issuer ID, private .p8) are appropriate for the stated purpose. However, installing and executing an external binary from a third‑party repository (mint install zelentsov-dev/asc-mcp@1.4.0) without verifying integrity is a material supply‑chain risk. Concentrating multiple company private keys in a local config file and the large default worker surface increase potential damage if the installed binary is malicious or compromised. Recommend: only install asc-mcp from trusted sources, verify repository/tags, restrict access to private key files (filesystem permissions), and limit workers to the minimum required. Overall: functionally coherent but moderate supply-chain/credential exposure risk.