mcp-security-scanner
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [DATA_EXFILTRATION] (HIGH): The skill reads the configuration files of AI tools including Claude Desktop, Cursor, Continue.dev, Windsurf, and Zed. These files are highly sensitive: they frequently contain hardcoded API keys, bearer tokens, and local system paths. Reading them without redacting secrets, or outside a trusted environment, carries a high risk of data exposure.
- [EXTERNAL_DOWNLOADS] (HIGH): The skill requires installing and executing the @contextware/mcp-scan package via npm or npx. This package is not from a verified trusted organization or repository. Running third-party code that can read local files and scan the network is a significant security risk.
- [COMMAND_EXECUTION] (MEDIUM): The skill runs shell commands (mcp-scan network, mcp-scan configs) that incorporate user-provided targets and ports. Although the skill structures the work as phased assessments, there is a risk of command injection if the agent does not validate the <target> and <ports> arguments before passing them to a shell.
- [INDIRECT_PROMPT_INJECTION] (HIGH): During the scanning phase the skill ingests untrusted data from network endpoints. A malicious actor hosting an MCP server could return crafted responses designed to manipulate the agent's logic when it presents results or provides remediation recommendations.
Recommendations
- AI detected serious security threats