skill-lookup

Warn

Audited by Socket on Mar 1, 2026

1 alert found:

Security: MEDIUM
SKILL.md

The skill-lookup SKILL.md is conceptually benign: it provides search and install instructions for agent skills and relies on MCP APIs to fetch skill files. The primary security concern is supply-chain: the documented install flow accepts and writes arbitrary files returned by get_skill into the agent's local skills directory with no integrity checks, validation, or sandboxing. That makes it possible for a malicious or compromised skill retrieved from the MCP service to include scripts or configs that exfiltrate data or perform harmful actions when later executed by the agent or user. There are no explicit hardcoded credentials, obfuscated code, or direct network exfiltration in the skill text itself. Mitigations would include verifying and signing skills, scanning or sandboxing returned scripts, prompting the user to review files before installation, and restricting executable file types or permissions.

Confidence: 75%
Severity: 75%

Audit Metadata
Analyzed At: Mar 1, 2026, 06:34 PM
Package URL: pkg:socket/skills-sh/echoleesong%2Fclaude-skills-plugin%2Fskill-lookup%2F@4cf2f444c0a08d8d68a0c412e525d4397b028e31