mcp-setup
Audited by Socket on Feb 21, 2026
1 alert found:
Security [Skill Scanner]: Backtick command substitution detected

This skill is functionally appropriate for setting up MCP servers, but it exhibits notable supply-chain and credential-forwarding risks: unpinned use of npx (download-and-execute), storing secrets in a home-directory config file, and passing credentials to third-party packages. There is no evidence of direct malware or intentional data exfiltration embedded in these scripts, but the patterns materially increase the chance that a compromised or malicious MCP server package could harvest credentials or execute arbitrary code. Recommend treating this skill as suspicious/vulnerable: require pinned package versions, prefer secure secret storage (OS keychain or dedicated vault), avoid writing plaintext tokens to repo-tracked files, require integrity checks, and minimize runtime installs via npx.

LLM verification: The skill is coherent with its stated purpose (MCP server setup) and contains expected capabilities (detect config, prompt for credentials, scaffold templates, run adapters). However, it uses potentially dangerous patterns: persisting plaintext credentials to ~/.claude/config.json, invoking npx -y to fetch and run unpinned packages (download-and-execute), executing user-provided node servers, and intentionally minimal verification that avoids thorough checks. These patterns create a moderate sup