Gen Agent Trust Hub audit: using-mcp
Skill path: skills/dtyq/magic/using-mcp
Result: Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill uses a dedicated internal SDK (sdk.mcp) to manage MCP server connections and tool invocations. The provided scripts (add_server.py, get_servers.py, and the others) are wrappers around this SDK. add_server.py can launch a local command-line process (the stdio server type), which is a standard feature of MCP; the command arguments are passed as a JSON array rather than a single shell string, so no shell interprets them and shell injection through an argument is not possible. The skill also explicitly instructs the agent to use run_skills_snippet for Python-based tool calls, following best practices for environment isolation and tool management. No evidence of data exfiltration, credential theft, or malicious obfuscation was found.
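The point the finding relies on is that a stdio-type server entry carries its command and arguments as separate JSON strings, and that the launcher hands that list straight to the process without a shell. The following is an added example, not the skill's add_server.py nor part of sdk.mcp: it assumes a config entry shaped as {"type", "command", "args"} (the shape is an assumption, not something this audit page documents), validates that args really is an array of strings, launches the process without a shell, and has the child echo back its own argv so you can see that an argument containing ';' and '>' arrives as one literal string. The sample config and the injected-looking argument are constructed for the demonstration.

```python
import json
import subprocess
import sys
from typing import Any

# Constructed sample: a stdio-type server entry whose last argument looks
# like a shell injection attempt. The child is this same Python interpreter,
# told to print its argv so we can observe what it actually received.
SAMPLE_CONFIG = json.dumps({
    "type": "stdio",
    "command": sys.executable,
    "args": ["-c", "import sys, json; print(json.dumps(sys.argv[1:]))",
             "foo; echo INJECTED > /tmp/owned"],
})

# Constructed sample of the unsafe shape: one shell-style string instead of
# an array. A launcher must reject this rather than split or shell-execute it.
BAD_CONFIG = json.dumps({
    "type": "stdio",
    "command": "node",
    "args": "server.js --port 8080",
})


def build_argv(config_json: str) -> list[str]:
    """Parse a stdio server entry (hypothetical shape) into an argv list.

    Every argument must already be its own JSON string. A single string is
    rejected outright: splitting it ourselves or passing it to a shell is
    exactly what would reintroduce injection.
    """
    cfg: dict[str, Any] = json.loads(config_json)
    if cfg.get("type") != "stdio":
        raise ValueError("only stdio servers are launched as local processes")
    command = cfg.get("command")
    args = cfg.get("args", [])
    if not isinstance(command, str) or not command:
        raise ValueError("command must be a non-empty string")
    if not isinstance(args, list) or not all(isinstance(a, str) for a in args):
        raise ValueError("args must be a JSON array of strings, not a shell string")
    return [command, *args]


def is_launchable(config_json: str) -> bool:
    """True if the entry passes build_argv's checks, False if it is rejected."""
    try:
        build_argv(config_json)
        return True
    except ValueError:
        return False


def launch_and_capture_argv(argv: list[str]) -> list[str]:
    """Run argv with no shell (shell=False is subprocess's default).

    Returns the argument list the child echoed, i.e. what it saw as
    sys.argv[1:]. Metacharacters inside an element are never interpreted
    because there is no shell in the path between us and execve.
    """
    proc = subprocess.run(argv, capture_output=True, text=True, check=True)
    return json.loads(proc.stdout)


if __name__ == "__main__":
    argv = build_argv(SAMPLE_CONFIG)
    print("configured args :", argv[1:])
    print("child received  :", launch_and_capture_argv(argv))
    print("shell-string entry accepted?", is_launchable(BAD_CONFIG))
```

The child prints its argument back as the single string "foo; echo INJECTED > /tmp/owned"; nothing named /tmp/owned is created. Had the launcher joined the list into one string and run it with shell=True, the ';' would have terminated the first command and the rest would have executed as a second one. That is why an auditor checks for the array shape and for the absence of shell=True (or an equivalent shell wrapper) in the launch path, not just for the presence of a JSON config.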
Audit Metadata: Risk Level SAFE; Analyzed Apr 28, 2026, 10:27 AM