mcp-builder
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a library of templates and instructional guides for developers creating MCP integrations.
- [SAFE]: No hardcoded credentials or unauthorized data access patterns were identified; the provided code templates explicitly use environment variables and include warnings against hardcoding secrets.
- [SAFE]: All listed dependencies are standard libraries and well-known packages from official registries (PyPI and NPM).
- [SAFE]: The static detector flag for process control in 'references/cli-commands.md' is a false positive, as the file contains manual troubleshooting documentation for users (e.g., instruction on how to kill a process on a specific port) rather than automated malicious code.
Audit Metadata