search-and-fork

The skill’s stated purpose (searching for and forking open-source repositories on Gitee via an MCP server) is coherent with its described workflow. The data flows are API-driven through MCP endpoints, with user authentication implied by the fork action. There are no evident push-permissions beyond the expected fork operation, and there are no unusual data exfiltration or credential-forwarding patterns evident in the description. Overall risk appears low to moderate and proportional to the task of forking a repository; however, the reliance on MCP server trust and proper access control is a critical surface. Recommend ensuring MCP servers are trusted, access tokens are scoped appropriately, and user confirmation is required before forking actions.