mcp-builder
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill includes several shell scripts (e.g.,
check-versions.sh,deploy-cloud.sh,test-server.sh) meant for verifying the local environment and testing the generated servers. These are standard development utilities. - [EXTERNAL_DOWNLOADS]: The
assets/requirements.txtandassets/pyproject.tomlfiles reference standard and widely-used Python packages such asfastmcp,httpx, andpydantic. These are listed for installation into the user's development environment. - [SAFE]: The skill follows security best practices by providing a deployment checker script (
scripts/deploy-cloud.sh) that audits the user's server code for hardcoded API keys and secrets before deployment. No obfuscation, data exfiltration, or malicious injection patterns were found.
Audit Metadata