converting-mcps-to-skills

Warn

Audited by Socket on Feb 28, 2026

1 alert found:

Security: MEDIUM
SKILL.md

This skill is functionally consistent with its stated purpose of connecting to MCP servers via HTTP or stdio and wrapping frequently-used servers as skills. However, it includes several supply-chain and credential-forwarding patterns that raise security concerns: it recommends running npm install and npx -y (download-and-execute), allows forwarding Authorization headers and env vars (credential exposure), and runs arbitrary commands for stdio servers (code execution with local privileges). There is no indication of intermediary exfiltration endpoints or obfuscated malicious code in the provided documents, but the operational patterns (transitive npm installs and executing fetched packages, and launching arbitrary subprocesses) are high-risk if users run them against untrusted endpoints or packages. Operators should treat these steps as sensitive: verify package authors, use pinned versions, run subprocesses in isolated sandboxes or containers, and avoid passing high-privilege credentials to untrusted MCP servers.

Confidence: 80%
Severity: 75%

Audit Metadata
Analyzed At: Feb 28, 2026, 10:02 AM
Package URL: pkg:socket/skills-sh/letta-ai%2Fletta-code%2Fconverting-mcps-to-skills%2F@d956048dcf7507d1703b3407765e0f2520bd7667