mcp-builder

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The MCPConnectionStdio class in scripts/connections.py enables the execution of arbitrary local commands through the mcp library's stdio client interface.
      • Evidence: File scripts/connections.py line 77: stdio_client(StdioServerParameters(command=self.command, args=self.args, env=self.env)). If the command or args parameters are populated from untrusted sources, it facilitates arbitrary command execution.
  • EXTERNAL_DOWNLOADS (LOW): The skill provides the capability to initiate connections to external URLs via SSE and HTTP, which could be leveraged for SSRF or data exfiltration.
      • Evidence: File scripts/connections.py lines 91 and 104 utilize sse_client and streamablehttp_client with user-provided URLs and headers.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Feb 17, 2026, 05:00 PM