mcp-oauth-setup
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill documents implementation steps for OAuth Dynamic Client Registration and Metadata Discovery using Ruby on Rails patterns. All code examples follow standard security practices, including the use of PKCE for authorization codes and encryption for stored credentials (using ActiveRecord encryption).
- [SAFE]: Network requests implemented via Faraday and Net::HTTP are directed at user-supplied MCP server endpoints for discovery, registration, and tool listing, which is the primary intended function of the skill. The examples provided target well-known services such as Linear, Sentry, and Render.
- [SAFE]: No malicious patterns, such as prompt injection, obfuscation, or persistence mechanisms, were identified in the instructions or reference files. The use of Rails' message_verifier for state parameters and S256 PKCE challenges demonstrates a security-first approach to the implementation guide.
Audit Metadata