tool-connect
Audited by Socket on Feb 21, 2026
1 alert found:
Security [Skill Scanner]: Backtick command substitution detected

All findings:
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3]
[HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3]

Functionally coherent with its stated purpose (connecting tools via MCP), but contains multiple supply-chain and credential-exposure risks: unpinned npx -y execution of remote packages, writing and caching of credentials without shown encryption, forwarding of env credentials to third-party MCP servers, and command patterns that can leak credentials. These behaviors are suspicious from a supply-chain security perspective and increase the chance of credential harvesting if any MCP server package or the npm registry is compromised. Recommendations: avoid unpinned runtime installs, require pinned package versions or checksums, avoid persisting raw credentials to shared cache files, and clearly document and implement secure encryption for any cached secrets.

LLM verification: The fragment demonstrates a coherent concept for MCP-based tool orchestration but presents elevated risk due to its broad tool surface, credential handling via environment variables, and numerous outbound commands embedded in documentation blocks. It should be treated as suspicious until a tightly scoped, per-action-consent, least-privilege, and auditable implementation is provided (with non-echoed tokens, restricted logging, and signed templates).