fastmcp

Warn

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/scaffold_fastmcp.py script is vulnerable to code injection. It uses a simple string replacement to insert the user-provided --name argument into a Python template. An attacker providing a maliciously crafted name could inject and execute arbitrary Python code when the resulting server script is subsequently run.
  • [DATA_EXFILTRATION]: The templates/file_processor.py template facilitates unrestricted filesystem access. Its tools use Path(path).expanduser() to read files without path-traversal protection or directory-based sandboxing. This allows an agent to be directed to read any file the user has permissions for, including sensitive credentials in ~/.ssh/ or .env files.
  • [COMMAND_EXECUTION]: The skill includes functionality to modify the configuration of external applications. The fastmcp install commands documented in SKILL.md and references/fastmcp-cli.md write to the configuration directories of Claude Desktop, Claude Code, and Cursor to register new servers, which acts as a persistence mechanism and alters the behavior of those clients.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 4, 2026, 05:50 PM