mcp-builder

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The MCPConnectionStdio class enables the agent to start and communicate with local processes. This is a primary requirement for the Model Context Protocol (MCP) and is implemented using standard patterns from the mcp library.
  • [EXTERNAL_DOWNLOADS] (SAFE): The MCPConnectionSSE and MCPConnectionHTTP classes allow connections to external URLs. This is standard functionality for remote MCP servers and does not contain hardcoded malicious endpoints.
  • [CREDENTIALS_UNSAFE] (SAFE): The code provides the infrastructure to pass headers and environment variables for authentication but does not contain any hardcoded secrets or sensitive keys.
  • [REMOTE_CODE_EXECUTION] (SAFE): While the skill can execute local commands, it does so as a client for the MCP protocol, which is its stated purpose. It does not download and execute arbitrary scripts from untrusted sources.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:14 PM