pica-mcp

Fail

Audited by Socket on Feb 19, 2026

1 alert found:

Malware
Severity level: HIGH
SKILL.md

[Skill Scanner] Installation of third-party script detected

This is an integration guide for running PICA's MCP via npx and wiring it into the Vercel AI SDK. The document itself is not malicious code, but it instructs patterns that increase supply-chain and credential exposure risk: running an unpinned npx package and spreading full process.env into a third-party subprocess. Those practices are disproportionate and could enable credential exfiltration if the MCP package or its dependencies are compromised. I classify the artifact as SUSPICIOUS (documentation with risky recommendations) rather than directly malicious.

Recommended mitigations: pin MCP package versions (or vendor the binary), pass a minimal env (only PICA_SECRET and necessary PATH), validate package integrity, and document expected network endpoints and allowlists for the MCP subprocess.

LLM verification: The code and documentation itself are not directly malicious, but they contain operational supply-chain and credential-exposure risks that could enable credential theft or arbitrary code execution if the invoked MCP subprocess or dependencies are malicious or compromised. Primary issues: (1) use of `npx`/recommendation of unpinned 'latest' versions increases supply-chain risk; (2) spreading full process.env into the subprocess grants access to unrelated secrets. I recommend pinning/verifying pac

Confidence: 95%
Severity: 90%
Audit Metadata
Analyzed At
Feb 19, 2026, 12:32 AM
Package URL
pkg:socket/skills-sh/picahq%2Fskills%2Fpica-mcp%2F@ea363ad077be7523f855e316b470ab2eea8a39dc