mcp-builder
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE] (SAFE): The skill is primarily instructional, providing templates and best practices for creating MCP servers in Python and TypeScript. It does not contain any executable logic that would pose a security risk.
- [EXTERNAL_DOWNLOADS] (SAFE): The skill mentions standard libraries such as 'fastmcp' and '@modelcontextprotocol/sdk'. These are legitimate tools for the Model Context Protocol ecosystem.
- [COMMAND_EXECUTION] (LOW): A verification command is listed (
node .claude/scripts/sfc_lint.mjs), which is a standard linting practice for this type of development environment and points to a local script rather than a remote one. - [DATA_EXPOSURE] (SAFE): References to internal paths (e.g.,
src/runtime/mcp/servers/) are provided as examples for the developer's context within the project and do not represent unauthorized data access.
Audit Metadata