mcp-setup

[Skill Scanner] Installation of third-party script detected All findings: [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] [CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4] The SKILL.md-style instructions themselves are not directly malicious: they describe cloning and running third-party code and storing a Voyage API key for the context-graph server, which is coherent with the stated purpose. The primary risks are supply-chain: cloning and executing code from external GitHub repositories and running npm/pip install/build scripts without verification, and storing API keys in a plain .mcp.json file. The 'uv' command typo is an anomaly that should be corrected. I rate this as SUSPICIOUS / moderate supply-chain risk (not malicious in the README alone). Audit the referenced repositories and installer scripts before running. LLM verification: This Skill file is functionally coherent with its stated purpose (install and configure two local MCP servers and prompt for a Voyage AI API key). However it is suspicious from a supply-chain perspective because it instructs cloning and running unpinned third-party repositories and installing packages from npm/pip without integrity checks, and it routes a sensitive VOYAGE_API_KEY into a third-party process whose network behavior is not documented. No explicit malicious code is present in this sk

The script itself is not overtly malicious but presents a moderate supply-chain security risk because it clones remote code and runs npm install and npm run build with the invoking user's privileges without verification or isolation. The most likely dangers come from lifecycle scripts in the repository or its dependencies which could execute arbitrary commands, exfiltrate data, or modify the host. Recommend verifying the repository commit, auditing package.json and lifecycle scripts, and performing install/build in an isolated or least-privilege environment.