mcp-builder
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
EXTERNAL_DOWNLOADS
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill instructs users to install the official MCP SDKs (`mcp` for Python, `@modelcontextprotocol/sdk` for Node.js). It also references the `@anthropics/mcp-inspector` tool, which is from a trusted organization. No untrusted third-party dependencies or piped remote execution patterns are present.
- [Data Exposure & Exfiltration] (SAFE): Code examples use placeholders for sensitive information (e.g., `YOUR_API_KEY`) rather than hardcoding credentials. Network operations are limited to a standard Weather API used for demonstration purposes.
- [Indirect Prompt Injection] (SAFE): The skill provides templates for tools that handle external data, such as SQL queries and file reading. While these represent a vulnerability surface, the severity is downgraded from LOW to SAFE because this functionality is central to the skill's primary purpose (building server tools). Furthermore, the skill provides a 'Best Practices' section specifically advising on input validation and security.
- [Automated Scan Results] (SAFE): The scanner alert for 'request.params.name' is a false positive. This is a property access in the TypeScript server template (`request.params.name === "hello"`) and not a URL or phishing attempt.
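The two findings above that matter to a builder are the tool surface (SQL queries and file reading driven by model-supplied arguments) and the scanner's misreading of `request.params.name`. As an added example, not code from the audited skill or its templates, here is the validation layer the 'Best Practices' section asks for, written in the shape of the TypeScript server's CallTool dispatch, where `request.params.name` is the tool name being switched on. The sandbox root, the table/column allowlist, and the tool names other than `hello` are assumptions for illustration; the real filesystem read or database call happens only after this check returns an action.

```typescript
import * as path from "path";

// Added example, not the audited skill's template. Root directory, table
// allowlist and tool names other than "hello" are constructed assumptions.

const SANDBOX_ROOT = "/srv/mcp-sandbox"; // assumed; a real server picks its own root

// Tables and columns a "query" tool may touch; anything else is refused.
const READABLE: Record<string, readonly string[]> = {
  users: ["id", "email", "created_at"],
  orders: ["id", "status", "total"],
};

export type ToolAction =
  | { tool: "hello"; text: string }
  | { tool: "read_file"; path: string }
  | { tool: "query"; sql: string; params: unknown[] };

export type ToolOutcome = { ok: true; action: ToolAction } | { ok: false; error: string };

// Confine a caller-supplied relative path to root. Absolute paths, NUL bytes,
// and anything that escapes root after normalisation are rejected; the root
// itself is a directory, not a readable file, so it is rejected too.
export function resolveSandboxPath(root: string, requested: string): string | null {
  if (requested.length === 0 || path.isAbsolute(requested)) return null;
  if (requested.includes("\0")) return null; // NUL truncates paths in C-backed fs calls
  const rootAbs = path.resolve(root);
  const target = path.resolve(rootAbs, requested);
  const rel = path.relative(rootAbs, target);
  if (rel === "" || rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) return null;
  return target;
}

// Build a parameterised lookup. Identifiers come only from the allowlist
// (own properties only, so "constructor" and friends do not slip through);
// the caller's value is bound as $1 and never spliced into the SQL text.
export function buildLookupQuery(
  table: string,
  column: string,
  value: string,
): { sql: string; params: unknown[] } | null {
  if (!Object.prototype.hasOwnProperty.call(READABLE, table)) return null;
  const columns = READABLE[table];
  if (!columns.includes(column)) return null;
  return {
    sql: `SELECT ${columns.join(", ")} FROM ${table} WHERE ${column} = $1 LIMIT 100`,
    params: [value],
  };
}

// Validate one CallTool request and return the action the server may execute.
// request.params.name is the tool name being dispatched on, the same property
// access the scanner reported; it is never treated as a URL.
export function validateToolCall(request: {
  params: { name: string; arguments?: Record<string, unknown> };
}): ToolOutcome {
  const args = request.params.arguments ?? {};
  switch (request.params.name) {
    case "hello":
      return { ok: true, action: { tool: "hello", text: "Hello from the MCP server" } };
    case "read_file": {
      if (typeof args.path !== "string") return { ok: false, error: "path must be a string" };
      const resolved = resolveSandboxPath(SANDBOX_ROOT, args.path);
      if (resolved === null) return { ok: false, error: "path is outside the sandbox" };
      return { ok: true, action: { tool: "read_file", path: resolved } };
    }
    case "query": {
      const { table, column, value } = args;
      if (typeof table !== "string" || typeof column !== "string" || typeof value !== "string") {
        return { ok: false, error: "table, column and value must be strings" };
      }
      const q = buildLookupQuery(table, column, value);
      if (q === null) return { ok: false, error: "table or column not in allowlist" };
      return { ok: true, action: { tool: "query", ...q } };
    }
    default:
      return { ok: false, error: `unknown tool: ${request.params.name}` };
  }
}
```

The point of returning an action rather than performing the read or query inside the switch is that every model-supplied argument is forced through a type check and an allowlist before any side effect; a prompt-injected `path` of `../../etc/shadow` or a `value` of `x' OR 1=1 --` reaches the filesystem or database only as a rejected request or a bound parameter.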
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
- This count comes from the automated scanner. The Full Analysis above records a single scanner alert, for 'request.params.name', and explains it as a property access in the TypeScript template rather than a URL, and every analysis category is rated SAFE. Confirm which finding actually drives the CRITICAL rating before acting on this recommendation.
Audit Metadata