MCP Integration
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists purely of documentation, reference guides, and configuration templates. No malicious code, prompt injections, or obfuscation techniques were found during analysis.
- [EXTERNAL_DOWNLOADS]: The skill mentions official packages such as '@modelcontextprotocol/server-filesystem'. These are recognized as well-known technology services and are documented neutrally as standard tools for the protocol.
- [CREDENTIALS_UNSAFE]: All examples use secure placeholders like '${API_TOKEN}' and '${DATABASE_URL}'. The documentation explicitly includes a 'Security Best Practices' section that warns against hardcoding secrets and committing them to version control.
- [COMMAND_EXECUTION]: The documentation provides instructions for running MCP servers via 'stdio'. These instructions rely on local relative paths built from the '${CLAUDE_PLUGIN_ROOT}' variable or on reputable package managers, which is standard behavior for the intended development use case.