mcp-server-management

Warn

Audited by Gen Agent Trust Hub on Mar 2, 2026

Risk Level: MEDIUM
Risk Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes PowerShell scripts such as add-mcp-server.ps1 and backup-config.ps1 that interact directly with the operating system to stop and start the 'Claude' process and manage sensitive configuration files in the user's AppData directory.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download and installation of external packages via npm and npx. While it primarily references trusted organizations like Anthropic and the Model Context Protocol, it also supports cloning repositories from arbitrary GitHub URLs for local building and execution.
  • [DATA_EXFILTRATION]: The diagnose-mcp.ps1 script performs extensive system reconnaissance, gathering sensitive metadata including the complete system PATH, the full contents of the Claude Desktop configuration file, a list of all running processes with their full command-line arguments, and recent entries from application logs. Because MCP server entries in that configuration file pass credentials to servers through their env block, dumping the file verbatim can expose API tokens along with the server list.
  • [REMOTE_CODE_EXECUTION]: The skill is designed to set up and manage MCP servers (like win-cli, desktop-commander, and claude-code-mcp) that are specifically intended to provide the AI agent with the ability to execute arbitrary local shell commands, perform remote SSH operations, and manipulate the local filesystem.
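The findings above are easier to act on with a script that inventories what the Claude Desktop configuration will actually launch. The PowerShell below is an added example written for this page; it is not one of the skill's scripts. It assumes the configuration lives at $env:APPDATA\Claude\claude_desktop_config.json with the documented "mcpServers" -> {name: {command, args, env}} layout, and it treats the server names the audit lists (win-cli, desktop-commander, claude-code-mcp) and the usual registry launchers (npx, uvx, pipx) as the things worth flagging. The sample configuration, package versions and paths in it are constructed for the example. Unlike diagnose-mcp.ps1 as described, it reports credential-looking env keys by name only and never emits their values.

```powershell
# Added example, not part of the audited skill. Inventories configured MCP
# servers and flags the ones an auditor cares about, without printing secrets.
function Get-McpServerRisk {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ConfigJson,
        # Launchers that fetch a package from a registry and run it at start-up (assumed list).
        [string[]] $RemoteFetchLaunchers = @('npx', 'npx.cmd', 'uvx', 'pipx'),
        # Servers the audit names as giving the agent a local shell (assumed list).
        [string[]] $ShellServers = @('win-cli', 'desktop-commander', 'claude-code-mcp'),
        # Env key names that usually carry credentials; matched case-insensitively.
        [string] $SecretKeyPattern = 'KEY|TOKEN|SECRET|PASSWORD|PASSWD'
    )

    $config = $ConfigJson | ConvertFrom-Json
    if (-not $config.mcpServers) { return @() }

    foreach ($entry in $config.mcpServers.PSObject.Properties) {
        $name       = $entry.Name
        $server     = $entry.Value
        $command    = [string]$server.command
        $serverArgs = @($server.args | ForEach-Object { [string]$_ })
        $findings   = [System.Collections.Generic.List[string]]::new()

        # 1. Registry launcher: the code that runs is whatever the registry serves.
        $leaf = [System.IO.Path]::GetFileName($command).ToLowerInvariant()
        if ($RemoteFetchLaunchers -contains $leaf) {
            # First non-switch argument is the package the launcher will download.
            $package = $serverArgs | Where-Object { $_ -notlike '-*' } | Select-Object -First 1
            if (-not $package) { $package = '<no package argument>' }
            # A version pin looks like scope/name@1.2.3; a leading '@' is only the scope.
            $pinned = $package.TrimStart('@') -match '@'
            $pinNote = if ($pinned) { 'version pinned' } else { 'unpinned: latest published version' }
            $findings.Add("fetches and runs '$package' via $leaf at start-up ($pinNote)")
        }
        # 2. Locally built code (e.g. a cloned repository) launched by absolute path.
        elseif ($localPath = (@($command) + $serverArgs) |
                    Where-Object { [System.IO.Path]::IsPathRooted($_) } |
                    Select-Object -First 1) {
            $findings.Add("runs local code outside the package registry: $localPath")
        }

        # 3. Servers whose purpose is to hand the agent a shell.
        $haystack = (@($name) + $serverArgs) -join ' '
        foreach ($shellServer in $ShellServers) {
            if ($haystack -like "*$shellServer*") {
                $findings.Add("gives the agent local command execution ($shellServer)")
                break
            }
        }

        # 4. Credentials in env: report key names only, never values.
        if ($server.env) {
            $secretKeys = @($server.env.PSObject.Properties.Name | Where-Object { $_ -match $SecretKeyPattern })
            if ($secretKeys.Count -gt 0) {
                $findings.Add("env carries credential-looking keys: $($secretKeys -join ', ') (values redacted)")
            }
        }

        [pscustomobject]@{
            Server   = $name
            Command  = (@($command) + $serverArgs) -join ' '
            Findings = $findings.ToArray()
        }
    }
}

# Constructed sample configuration for this example (not from a real install).
$sampleConfig = @'
{
  "mcpServers": {
    "filesystem": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-filesystem@2025.8.21", "C:\\Users\\me\\Documents"]
    },
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": { "GITHUB_PERSONAL_ACCESS_TOKEN": "ghp_example_not_real" }
    },
    "win-cli": {
      "command": "node",
      "args": ["C:\\Users\\me\\src\\win-cli\\dist\\index.js"],
      "env": { "ALLOWED_PATHS": "C:\\Users\\me" }
    }
  }
}
'@

# Audit the sample. To audit a real install instead, pass the file contents:
#   Get-McpServerRisk -ConfigJson (Get-Content -Raw "$env:APPDATA\Claude\claude_desktop_config.json")
Get-McpServerRisk -ConfigJson $sampleConfig | ForEach-Object {
    "$($_.Server): $($_.Command)"
    $_.Findings | ForEach-Object { "    - $_" }
}
```

On the sample, filesystem is reported as a pinned registry fetch, github as an unpinned fetch whose env carries GITHUB_PERSONAL_ACCESS_TOKEN, and win-cli as locally built code that gives the agent command execution. Run it before and after the skill's add-mcp-server.ps1 to see exactly what changed in the launch surface, and compare its redacted output with what diagnose-mcp.ps1 would dump in full.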
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 2, 2026, 03:30 AM