fastmcp-client-cli
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill documentation encourages the execution of local Python files (e.g., fastmcp list server.py). This allows for arbitrary code execution on the local system.
- COMMAND_EXECUTION (MEDIUM): The --command flag enables the execution of arbitrary shell strings (e.g., fastmcp list --command 'npx -y ...'). If an attacker can influence the content of this string via prompt injection, they can achieve arbitrary command execution.
- REMOTE_CODE_EXECUTION (MEDIUM): The documentation suggests using npx or uvx within the --command flag. This pattern involves downloading and executing code from remote registries at runtime, which is a high-risk operation.
- DATA_EXFILTRATION (LOW): The fastmcp discover command scans sensitive configuration directories for other AI agents (Claude, Cursor, Goose, etc.). While intended for discovery, this behavior exposes local environment configuration details to the agent.
- PROMPT_INJECTION (LOW): As the skill ingests output from external MCP servers (Category 8: Indirect Prompt Injection), there is a risk that malicious tool descriptions or outputs could be used to manipulate the agent's behavior, especially given its powerful command execution capabilities.
Audit Metadata