fastmcp-client-cli
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documents the use of the --command flag to execute arbitrary shell strings (e.g., 'npx -y @modelcontextprotocol/server-github'). In an agentic context, this allows the AI to run any system command.
- [REMOTE_CODE_EXECUTION]: The CLI provides the ability to execute local Python files directly (e.g., 'fastmcp list server.py'), which the documentation notes will 'run via fastmcp run automatically'. This facilitates the execution of local script content.
- [DATA_EXPOSURE]: The 'fastmcp discover' command is designed to scan and read local configuration files for several AI applications, including Claude Desktop, Claude Code, Cursor, Gemini CLI, and Goose, to identify configured MCP servers.
- [INDIRECT_PROMPT_INJECTION]: The skill's workflow involves ingesting data from external MCP servers and local configuration files ('mcp.json'). There are no documented sanitization steps or boundary markers to prevent a malicious server or configuration from returning instructions that could manipulate the agent's behavior. Evidence:
- Ingestion points: Remote HTTP/HTTPS MCP servers, 'mcp.json' configuration files, and local 'server.py' files.
- Boundary markers: None identified in the command-line usage or output descriptions.
- Capability inventory: Subprocess execution (via '--command' and Python file execution), network access (via HTTP/HTTPS targets), and file system read access (via 'discover' and 'mcp.json' targets).
- Sanitization: No evidence of input validation or output escaping is provided in the documentation.