secure-mcp-install

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill's examples and install commands embed an "API_KEY" value directly in JSON passed to the claude mcp add-json CLI, which requires including secret values verbatim in generated commands/configs and thus risks exfiltration.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly instructs cloning and auditing arbitrary third‑party repositories (SKILL.md Step 1: "git clone <REPO_URL>") and requires the agent to read, interpret, and act on that untrusted repository content (scans, manual review, and installation), so external, user-generated code can directly influence tool use and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs "git clone <REPO_URL> <SERVER_NAME>" during its install/audit workflow, which fetches remote repository code that the guide then installs/executes (npm install, python -m venv and running the server), so the external repository URL ("<REPO_URL>") is a runtime dependency that can deliver and cause execution of remote code.