fastmcp
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill follows security best practices for MCP server development, including patterns for encrypted storage backends and secure handling of credentials via environment variables.
- [REMOTE_CODE_EXECUTION]: The scripts/test-server.sh utility script generates a temporary Python test runner to verify server functionality. This is a common development practice for testing local servers and uses a static template hardcoded within the script.
- [REMOTE_CODE_EXECUTION]: The framework facilitates dynamic tool and resource generation via FastMCP.from_openapi, which constructs server components based on an OpenAPI specification. This is a core functionality of the library designed to simplify API integration.
- [COMMAND_EXECUTION]: The companion scaffolding agent (mcp-scaffold) provides instructions for initializing new projects using standard shell commands for directory and package management.
- [DATA_EXFILTRATION]: Templates include capabilities for interacting with external APIs using httpx. These network capabilities are intended for the core functionality of bridging services to an MCP server and are configured using user-defined endpoints.
- [CREDENTIALS_UNSAFE]: The skill proactively encourages security by providing documentation and diagnostic scripts (such as scripts/deploy-cloud.sh) that check for hardcoded secrets and recommend the use of environment variables for API keys and tokens.
Audit Metadata