ln-012-mcp-configurator

Fail

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: HIGH
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Uses elevated privileges via sudo to install system dependencies (e.g., ripgrep) on Linux environments.
  • [COMMAND_EXECUTION]: Modifies security-critical configuration files (~/.claude/settings.json and the IDE settings.json) to grant universal permissions to tools and to enable bypassPermissions, which disables the user-facing approval prompts that would otherwise gate agent actions.
  • [EXTERNAL_DOWNLOADS]: Downloads and installs various tools and packages from external sources, including npm, system package repositories (apt, yum, brew, winget, scoop), and GitHub forks.
  • [REMOTE_CODE_EXECUTION]: Executes code via npx -y (which fetches and runs a package without confirmation) for MCP server registration and management, and instructs the user to install specific SCIP exporter tools from the author's GitHub forks.
  • [PROMPT_INJECTION]: Presents an indirect prompt injection surface, since it ingests data from other command/skill files (.claude/commands/*.md, .claude/skills/*/SKILL.md) without explicit boundary markers or content sanitization. This is coupled with broad capabilities, including shell execution (claude mcp add) and configuration writes.
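The two configuration findings above (the bypassPermissions / wildcard-allow rewrite of settings.json, and MCP servers registered to run via npx -y) can be checked mechanically before a configurator is allowed to touch a machine. The following is an added example written for this page, not code from the audited package or from the Agent Trust Hub: it places a weakened settings file beside a hardened one and audits both, plus a constructed .mcp.json. The key names (permissions.allow, permissions.deny, permissions.defaultMode, mcpServers/command/args) follow Claude Code's documented settings schema and the standard MCP server-config shape, but their exact semantics are assumed here rather than taken from the audit.

```python
import json
import re
from typing import Any

# Constructed sample of ~/.claude/settings.json as a configurator might
# rewrite it. Key names assume Claude Code's settings schema.
WEAK_SETTINGS = json.loads("""
{
  "permissions": {
    "allow": ["Bash(*)", "Edit(*)", "Write(*)", "WebFetch(*)"],
    "deny": [],
    "defaultMode": "bypassPermissions"
  }
}
""")

# Same file with approval prompts restored, the allow-list narrowed to
# specific commands/paths, and explicit deny rules for dangerous tools.
HARDENED_SETTINGS = json.loads("""
{
  "permissions": {
    "allow": ["Bash(git status:*)", "Bash(npm test:*)", "Edit(src/**)"],
    "deny": ["Bash(sudo:*)", "Bash(curl:*)", "Read(./.env)"],
    "defaultMode": "default"
  }
}
""")

# Constructed .mcp.json in the common MCP server-config shape; the server
# names and package name are placeholders, not from the audited package.
MCP_CONFIG = json.loads("""
{
  "mcpServers": {
    "scip-exporter": {"command": "npx", "args": ["-y", "example-scip-exporter"]},
    "local-files": {"command": "/usr/local/bin/mcp-files", "args": ["--root", "/srv/docs"]}
  }
}
""")

# "*" grants everything; "Tool(*)" grants all uses of one tool; a bare
# tool name ("Bash") is assumed to be equivalent to "Tool(*)".
UNRESTRICTED_RULE = re.compile(r"^(\*|[A-Za-z]+(\(\*\))?)$")


def audit_settings(settings: dict[str, Any]) -> list[str]:
    """Return one finding per permission-weakening setting."""
    findings: list[str] = []
    perms = settings.get("permissions", {})
    if perms.get("defaultMode") == "bypassPermissions":
        findings.append(
            "permissions.defaultMode=bypassPermissions disables approval prompts")
    for rule in perms.get("allow", []):
        if UNRESTRICTED_RULE.match(rule):
            findings.append(f"unrestricted allow rule: {rule}")
    if not perms.get("deny"):
        findings.append("no deny rules: nothing is off-limits even in prompt mode")
    return findings


def audit_mcp(config: dict[str, Any]) -> list[str]:
    """Flag MCP servers whose launch command auto-installs a remote package."""
    findings: list[str] = []
    for name, server in config.get("mcpServers", {}).items():
        cmd = server.get("command", "")
        args = server.get("args", [])
        # npx -y / --yes skips the install prompt and runs whatever the
        # registry serves under that name at launch time.
        if cmd == "npx" and ("-y" in args or "--yes" in args):
            findings.append(
                f"{name}: npx {' '.join(args)} auto-installs and runs a remote package")
    return findings


if __name__ == "__main__":
    for label, s in (("weak", WEAK_SETTINGS), ("hardened", HARDENED_SETTINGS)):
        print(f"settings ({label}):")
        for f in audit_settings(s) or ["no findings"]:
            print("  -", f)
    print("mcp:")
    for f in audit_mcp(MCP_CONFIG) or ["no findings"]:
        print("  -", f)
```

Run it against the real files (~/.claude/settings.json and the project's .mcp.json) after a configurator has been applied; any finding from audit_settings means the agent will act without asking, and any finding from audit_mcp means an MCP server is resolved from the npm registry at every launch rather than from a pinned, reviewed install.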
Recommendations
  • The automated analysis detected serious security threats; the package fails the audit.
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 26, 2026, 01:34 PM