setup-serena-mcp
Warn
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
================================================================================
🟡 VERDICT: MEDIUM
This skill guides the user to set up an external tool, 'Serena MCP server'. The primary risk stems from the skill's reliance on and instruction to use an external, unverified project. The skill itself does not contain direct malicious code, but it acts as an intermediary to a potentially risky external dependency.
Total Findings: 3
🟡 MEDIUM Findings:
• Unverifiable External Tool Reliance
- Line 47: The skill instructs the user to run commands from an external tool, serena (e.g., serena project create --index). The source for this project (oraios/serena on GitHub and oraios.github.io) is not from a trusted organization. This means the integrity and security of the serena tool itself cannot be verified by this analysis, posing a risk if the tool were malicious. The skill implicitly relies on the user installing and executing code from this unverified source.
🔵 LOW Findings:
• External Documentation Loading
- Line 34: The skill loads documentation from https://raw.githubusercontent.com/oraios/serena/refs/heads/main/README.md and https://oraios.github.io/serena/... URLs. While oraios is not an explicitly trusted GitHub organization, the action is to load documentation, not to execute code directly. This is noted as a low risk for the download itself, but the content of these documents could potentially contain indirect prompt injection.
ℹ️ TRUSTED SOURCE References:
• GitHub Content Download
- Line 34: The skill references https://raw.githubusercontent.com/oraios/serena/refs/heads/main/README.md. While githubusercontent.com is a trusted domain, the specific organization oraios is not on the explicit trusted list. This is noted as an informational finding for the download itself, as it's documentation.
================================================================================
Audit Metadata