mage-remote-run
Audited by Socket on Mar 9, 2026
1 alert found: Obfuscated File

The Mage Remote Run skill is broadly coherent with its stated purpose of remotely managing Commerce ecosystems via a unified CLI, MCP server, and plugin support. The footprint centers on authenticated API interactions with remote stores and local config/token storage. While the overall design is sensible for legitimate automation and admin workflows, several security considerations require attention: explicit secure handling of credentials (avoid exposure in history/logs), explicit transport security guarantees for API calls (TLS, certificate validation), provenance of the tool (a clear distribution source), and strict access controls around MCP/plugins to prevent unintended remote actions. Absent concrete details on distribution, TLS defaults, and credential safeguards, the risk remains MEDIUM, with notable SUSPICIOUS potential around credential exposure and plugin-enabled actions. Overall, classify as SUSPICIOUS to BENIGN on a spectrum leaning toward BENIGN with clarifications needed; because of the agent-facing remote capability and plugin/MCP exposure, a cautious stance is warranted until explicit secure defaults are documented.