mcp-config
Fail
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: HIGH
Findings: DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses and modifies high-sensitivity configuration files in the user's home directory, specifically ~/.claude.json and ~/.claude/settings.json. These files serve as the primary storage for the agent's environment settings and potentially sensitive session data.
  - Evidence: Use of hardcoded absolute paths such as /Users/likai/.claude.json and /Users/likai/.claude/settings.json in Python scripts.
- [REMOTE_CODE_EXECUTION]: The documentation encourages the use of npx -y to download and execute third-party packages from the NPM registry at runtime.
  - Evidence: Recommendation to install and run shadcn-studio-mcp and @microlee666/unsplash-mcp-server without version pinning or integrity checks.
- [COMMAND_EXECUTION]: The skill's primary function is to modify the mcpServers configuration, which defines the external commands and binaries the agent is authorized to execute. Malicious modification of these files can lead to the persistent execution of unauthorized code.
  - Evidence: Python and shell scripts designed to inject or delete entries in the mcpServers and permissions blocks of system-wide configuration files.
- [CREDENTIALS_UNSAFE]: The provided configuration examples explicitly guide users to store sensitive secrets in plain text within JSON files.
  - Evidence: Examples showing API_KEY, UNSPLASH_ACCESS_KEY, and EMAIL fields being populated directly in the env and args sections of the configuration.
Recommendations
- AI detected serious security threats