mcp-builder
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Process Interaction]: The included connection utility and evaluation harness can launch and communicate with local processes through the
stdiotransport. While this involves system-level execution, it is a standard mechanism for testing and interacting with local MCP servers. - [Documentation Fetching]: The skill guide provides instructions for fetching current README files from the official Model Context Protocol GitHub repositories. This practice ensures that the AI agent has access to the most recent SDK specifications and protocol documentation.
- [Network Connectivity]: The evaluation scripts perform network requests to interact with AI service providers and remote MCP endpoints. These operations are necessary for evaluating the server's effectiveness in completing complex, multi-step tasks.
- [Secret Management]: Sensitive information such as API keys is managed through environment variables and request headers rather than being hardcoded in scripts. This aligns with recommended security practices for development tools that interact with external services.
Audit Metadata