mcp-installer
Audited by Socket on Feb 26, 2026
1 alert found:
Security: This skill is coherently described and its capabilities line up with the stated purpose (installing/updating MCP server configs across multiple clients). The primary security concerns are supply-chain execution risk from using npx to run third-party CLI code (unfixed/unverified), and credential exposure risk from writing secrets into local JSON configs or embedding them in base64 deep links (URIs). These behaviors are explainable by the installer use case but are high-sensitivity operations that require strong user guidance, explicit integrity checks (version pinning, checksums), and safer handling of secrets (avoid embedding secrets in URIs, consider OS credential stores or encryption). Overall there is no evidence of active obfuscation or direct malware, but there are moderate supply-chain and credential-exposure risks. Recommend: require pinned CLI versions or checksum verification for third-party tooling, avoid placing secrets in URIs, offer encryption or OS secret-store integration, and clearly warn users about the risks of granting Full Disk Access.