mcp-builder

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions recommend fetching official MCP documentation and SDK README files from trusted sources, including modelcontextprotocol.io and the official modelcontextprotocol GitHub organization. These references are restricted to documentation and specification files intended for development guidance.
  • [COMMAND_EXECUTION]: The included evaluation script (scripts/evaluation.py) supports testing local MCP servers via the 'stdio' transport. This functionality requires the script to execute a command provided by the user via command-line arguments (e.g., 'python my_server.py'). This is an essential and documented feature of the testing harness.
  • [DATA_EXFILTRATION]: The evaluation script integrates with the Anthropic API to process test questions. It adheres to security best practices by reading the required API key from environment variables rather than hardcoding credentials. Communication is directed to the official Anthropic API endpoint.
  • [SAFE]: No malicious patterns, obfuscation, or unauthorized privilege escalation attempts were detected. The skill serves its stated purpose as a developer utility and guide for building secure and effective Model Context Protocol integrations.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 27, 2026, 08:25 AM