mcp-setup
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill clones repositories from an untrusted GitHub user ('gurusharan'), which is not part of the trusted organization list.
- REMOTE_CODE_EXECUTION (HIGH): In 'scripts/install-token-efficient.sh', the skill automatically executes 'npm install' and 'npm run build' on untrusted content immediately after cloning. The manual instructions also suggest 'pip install -r requirements.txt' on cloned content, providing a significant vector for remote code execution with user privileges.
- COMMAND_EXECUTION (MEDIUM): The skill uses shell scripts like 'verify-setup.sh' to perform environment checks and configuration tasks, which involves executing multiple commands that depend on the state of untrusted downloaded components.
- DATA_EXPOSURE (LOW): The verification script checks for the 'VOYAGE_API_KEY' environment variable and reads the local '~/.srt-settings.json' file, which are sensitive configuration points.
- METADATA_POISONING (MEDIUM): The 'SKILL.md' documentation references 'scripts/setup-all.sh', which is missing from the provided skill files. This inconsistency could be used to hide more complex or malicious setup logic.
Recommendations
- AI detected serious security threats
Audit Metadata