add-app-to-server
Audited by Socket on Feb 21, 2026
1 alert found:
Security [Skill Scanner] Installation of third-party script detected

All findings:
[HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

This skill is an integration guide for adding MCP Apps UI to servers and is coherent with its stated purpose. I found no explicit malicious code or data-exfiltration logic in the provided material. The main security concerns are supply-chain and artifact integrity: the guidance to install unpinned npm dependencies and to serve built HTML, which, if tampered with, could deliver malicious code to hosts. Optional CSP domain allowances also expand exfiltration risk if misused. Recommend pinning dependency versions or using a lockfile, verifying build artifacts (checksums/signing), and auditing any external domains the UI is allowed to contact.

LLM verification: The documentation provides a coherent, framework-level guide for enriching MCP server tools with UI via the MCP Apps SDK. The described workflow aligns with legitimate development practices (UI resources, iframe hosting, structured content for UI, and text fallbacks). Main concerns center on reproducibility and supply-chain risk due to unpinned dependencies and dynamic version resolution, plus the need for explicit integrity verification and strict CSP governance when loading external resources.