hap-mcp-usage
Audited by Socket on Feb 16, 2026
1 alert found:
Security [Skill Scanner]: Backtick command substitution detected

All findings:
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

The skill description is broadly coherent with automated cross-platform MCP configuration and validation. While not malicious, there are security and UX considerations: credential exposure in outputs/logs, broad automated writes across platforms, and restart prompts that could affect workflows. Improve by redacting secrets in logs, adding per-platform explicit user consent for non-read-only updates, and ensuring restart flows are non-disruptive. Overall: Benign with notable sensitivity around secret handling and automation scope.

LLM verification: The skill's operations are largely consistent with its stated purpose: detecting the active AI tool environment, adding/updating MCP server entries (including URLs with HAP-Appkey/HAP-Sign), and validating connectivity. The main risks are operational and supply-chain in nature: (1) runtime installation via npx of third-party packages (supply-chain risk if packages or npm are compromised), (2) writing sensitive HAP credentials to local config files (credential-at-rest risk), and (3) use of enviro