native-mcp
Warn
Audited by Socket on Apr 27, 2026
1 alert found:
Security: MEDIUM
SKILL.md
The skill's stated purpose matches its capabilities: it is an MCP integration guide/client. It is not overtly malicious, and its official `mcp` install path is legitimate. However, the skill intentionally enables broad third-party extension loading, runtime package execution (`npx`/`uvx`/any command), credential forwarding to external servers, auto-injected tools, and default-enabled server-initiated sampling. Those behaviors are coherent for an MCP client but create substantial security exposure if users connect untrusted servers. Overall: suspicious/high-risk integration surface, not confirmed malware.
Confidence: 88%
Severity: 78%
Audit Metadata