fastmcp-server
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill consists entirely of Markdown documentation and illustrative Python code snippets. No executable scripts are included in the skill package.
- [EXTERNAL_DOWNLOADS] (SAFE): The documentation references standard, well-known Python packages (e.g., fastmcp, pydantic, fastapi, opentelemetry) and official installation methods (pip, uv). All external links point to documentation sites (gofastmcp.com, docs.astral.sh) or GitHub repositories for legitimate libraries.
- [CREDENTIALS_SAFE] (SAFE): The documentation correctly advises using environment variables (
os.environ) for sensitive data like API keys and OAuth secrets. No hardcoded credentials or real secrets are present. - [OBFUSCATION] (SAFE): A Base64 string is present in
references/features/icons.mdwithin a data URI for an icon. Analysis confirms it decodes to a benign SVG circle element:<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24"><path d="M12 2C6.48 2 2 6.48 2 12s4.48 10 10 10 10-4.48 10-10S17.52 2 12 2z"/></svg>.
Audit Metadata