mcp-server-builder
Audited by Socket on Feb 16, 2026
1 alert found:
Security [Skill Scanner]: Backtick command substitution detected

All findings:
- [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] (this finding is reported 6 times)

BENIGN overall as documentation/templates intended to generate MCP servers. No direct indicators of malware or credential-harvesting infrastructure.

Primary security risks are due to plausible insecure defaults in examples: the Python file-manager example performs filesystem read/write by concatenating base_path with user-supplied paths without explicit path normalization or a check that the resolved path remains inside base_path; this enables path traversal and potential sensitive-file exposure or overwrites if deployed as-is. Generated servers will also require proper handling of secrets (env vars) and transport-level authentication.

Recommend: implement strict path normalization and is_relative_to checks, enforce size/content limits, require explicit BASE_PATH configuration, and add concrete auth and audit/ACL guidance in generated code.

LLM verification: No clear evidence of malicious code or supply-chain exfiltration in the provided fragments. The skill's declared purpose matches the code: generating MCP servers (calculator and file-manager examples). The primary security concern is the file-manager example's potential to read/write arbitrary files because base_path defaults to '.' and the snippet does not show path normalization, sandboxing, authentication, or authorization checks. A legitimate file-manager tool must implement strict path vali