express-mcp
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill directs the user to clone a repository from
https://github.com/Eng0AI/express-mcp.git. This GitHub account is not a recognized trusted organization or repository, posing a risk of downloading malicious code. - REMOTE_CODE_EXECUTION (HIGH): Following the clone, the skill instructs the user to run
npm installandnpm run build. Since the source is untrusted, these commands can trigger malicious post-install scripts or build-time code execution, potentially compromising the host system.
Recommendations
- AI detected serious security threats
Audit Metadata