mcp-audit
Fail
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to execute commands that read ~/.claude/settings.json and .claude/settings.json. These files serve as the primary configuration storage for Model Context Protocol (MCP) servers and frequently contain sensitive information, including API keys, bearer tokens, and environment variables. Accessing these paths directly exposes these credentials to the agent's context.
- [COMMAND_EXECUTION]: The skill utilizes shell commands (cat and grep) to inspect and output the contents of configuration files. This provides the agent with the capability to read files from the user's home directory and project root that are outside the scope of typical project interaction.
Recommendations
- AI detected serious security threats
Audit Metadata