troubleshoot-mcp-connection

This skill is a legitimate troubleshooting guide for MCP connection problems. It requests reading local config files and using environment tokens and running local helper executables and network checks against huggingface.co — all consistent with its stated purpose. No obfuscated or clearly malicious code is present, nor are there instructions to exfiltrate data to attacker-controlled endpoints. The residual security concerns are supply-chain and credential exposure risks: recommending global npm installs (unversioned) and storing/placing HF_TOKEN in configurations can increase attack surface if operators install untrusted packages or leak config files. Operators should verify npm package provenance, prefer pinned versions or a vetted installer, and handle tokens/credentials securely (avoid committing or sharing config files).