secure-mcp-install

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes shell commands for repository cloning, running security audits, and configuring MCP server settings. These actions are performed through explicit user-guided steps and are necessary for the skill's auditing functionality.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the downloading of source code and dependencies from third-party repositories. This behavior is documented as part of a 'trust but verify' security workflow, which includes pinning to specific commits.
  • [REMOTE_CODE_EXECUTION]: The skill provides a workflow for installing and running MCP servers. It mitigates potential risks by providing a security scanner that checks for dangerous execution patterns (e.g., eval, exec) in the server source code prior to installation.
  • [SAFE]: No malicious obfuscation, credential theft, or unauthorized network activity was detected within the skill's own code. The provided scripts and checklists are designed to improve the security of the user's environment.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 3, 2026, 01:49 PM