mcp-builder
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches documentation and README files from the official Model Context Protocol GitHub organizations and domains. These are trusted and well-known sources for the technology being documented.
- [COMMAND_EXECUTION]: The evaluation harness (scripts/evaluation.py) and connection module (scripts/connections.py) allow the execution of local MCP servers using the stdio transport. This involves launching a user-specified command (e.g., python my_server.py) to facilitate local development and testing, which is the primary purpose of the toolkit.
- [SAFE]: Secret management follows secure patterns by instructing users to store API keys in environment variables (e.g., ANTHROPIC_API_KEY) rather than hardcoding them in scripts or configuration files.
- [SAFE]: The evaluation prompt uses XML tags as boundary markers to structure the agent's output into distinct segments for summaries, feedback, and final responses, reducing the risk of accidental instruction confusion.
Audit Metadata