day2-supplement-mcp
Fail
Audited by Socket on Mar 6, 2026
1 alert found:
Obfuscated File (HIGH): SKILL.md
The skill is an educational lesson for MCP and largely matches its stated purpose, but includes a high-risk supply-chain action: an unpinned npx install that downloads and executes third-party code and registers it with the agent. The fragment itself contains no explicit exfiltration code, hard-coded credentials, or obfuscated payloads, but the transitive installation step is the main security concern — it can enable downstream malicious behavior. Recommend pinning package versions, adding checksums, requiring manual review before install, and limiting the permissions and network access of any installed skill.
Confidence: 98%
Audit Metadata