Skills
skills/googlecloudplatform/devrel-demos/mcp-connector-generator/Socket

mcp-connector-generator

Fail

Audited by Socket on Mar 11, 2026

1 alert found:

Obfuscated File
Obfuscated FileHIGH
SKILL.md

The skill presents a legitimate scaffolding utility for MCP-based connectors, aligning with its stated purpose of generating boilerplate toolsets for various connection patterns. However, there are notable security considerations: injecting secrets into the environment for local subprocesses, transmitting API keys via HTTP headers to remote MCP endpoints, and potential untrusted handling of inputs when triggering local scripts. The scope appears modest and scoped to boilerplate generation, but credential handling and data flow to external endpoints warrant explicit safeguards (env-scoping, secret management, least-privilege, explicit consent prompts, and clear data-flow boundaries). Overall, the footprint is proportionate to its stated purpose but remains suspicious enough to warrant caution due to credential exposure and networkBeacon risk if not properly implemented.

Confidence: 98%
Audit Metadata
Analyzed At
Mar 11, 2026, 11:50 AM
Package URL
pkg:socket/skills-sh/googlecloudplatform%2Fdevrel-demos%2Fmcp-connector-generator%2F@7936bbaa0bb83240711becc537aa5ecf96fb66c1