Skills
skills/mapbox/mapbox-agent-skills/mapbox-mcp-runtime-patterns/Gen Agent Trust Hub

mapbox-mcp-runtime-patterns

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The documentation and examples show how to programmatically start the Mapbox MCP server locally using the npx command.
  • Evidence: subprocess.Popen(['npx', '@mapbox/mcp-server'], ...) in SKILL.md and AGENTS.md.
  • Evidence: spawn('npx', ['@mapbox/mcp-server'], ...) in AGENTS.md and mastra-example.ts.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the use of the @mapbox/mcp-server package, which is downloaded from the official NPM registry when using the self-hosted patterns.
  • Evidence: Integration instructions in SKILL.md and AGENTS.md recommend npm install @mapbox/mcp-server or using npx.
  • [SAFE]: Network operations are restricted to Mapbox's official infrastructure for geocoding and routing services.
  • Evidence: All HTTP requests are sent to the hosted server at https://mcp.mapbox.com/mcp.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 7, 2026, 11:23 PM