pica-crewai
Audited by Socket on Feb 23, 2026
1 alert found:
Security [Skill Scanner] [Documentation context]: Installation of third-party script detected

This skill/integration document is functionally coherent: it legitimately instructs how to wire CrewAI to PICA via an MCP subprocess and correctly identifies the need for a PICA secret. It does, however, contain moderate supply-chain and credential-forwarding risks: running 'npx @picahq/mcp' (unversioned) is a download-and-execute pattern; passing PICA_SECRET and HOME into a subprocess increases the attack surface; no pinning/checksum or sandboxing guidance is provided. There is no direct evidence of malware or obfuscated malicious code in the provided text, but the operational pattern requires caution. Recommend treating this as a medium-to-high supply-chain risk unless the MCP package is pinned and verified and environment exposure is reduced.

LLM verification: [LLM Escalated] The document correctly explains how to integrate PICA via an MCP stdio subprocess into CrewAI and provides useful runtime and streaming guidance. There are notable supply-chain and credential-exposure risks: using npx without version pinning or integrity checks and forwarding broad environment variables (PATH, HOME) to an external subprocess. These increase the chance of executing compromised code and of leaking secrets. Recommended actions: pin @picahq/mcp to a specific version and/or verify ch