Skills
skills/reapzyau/install-mcp-servers-skill/install-mcp-servers/Gen Agent Trust Hub

install-mcp-servers

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill utilizes npx to fetch and execute Node.js packages (@upstash/context7-mcp, @netlify/mcp). Because these packages originate from organizations not listed in the Trusted External Sources (e.g., Netlify and Upstash are not on the specific whitelist), they are categorized as unverifiable dependencies.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The installation of HTTP-based MCP servers (mcp.apify.com, netlify-mcp.netlify.app, mcp.context7.com) allows the agent to call remote tools whose logic is hosted on third-party infrastructure. This introduces a reliance on external, unverified remote execution environments.
  • [COMMAND_EXECUTION] (LOW): The skill automates the claude mcp add command to modify the agent's underlying configuration. While this is the intended purpose of the skill, it represents a persistent modification of the agent's capabilities via shell commands.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 06:35 PM