mcp-creator
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill functions as a security-conscious development framework, providing templates that implement robust error handling and defensive programming.
- [EXTERNAL_DOWNLOADS]: Correctly identifies and utilizes official packages from the @modelcontextprotocol namespace for server scaffolding and SDK functionality.
- [CREDENTIALS_UNSAFE]: Provides clear educational content and anti-patterns regarding secret management, advocating for the use of environment variables and dedicated secret management services instead of hardcoding credentials.
- [COMMAND_EXECUTION]: Includes specific documentation and implementation examples for preventing command injection by using array-based arguments and input sanitization.
- [DATA_EXFILTRATION]: Explicitly addresses and provides mitigations for Server-Side Request Forgery (SSRF) by demonstrating how to validate URLs and filter private IP ranges.
Audit Metadata