mcp-management
Audited by Socket on Feb 15, 2026
1 alert found:
Obfuscated File
No explicit malicious code is present in this documentation fragment. The major risks are architectural and operational: expanding the trust boundary by recommending symlinks and making an external CLI (gemini) the primary execution path, persistent storage of discovered capabilities, and lack of guidance for secrets handling. These choices increase the chance of accidental credential exposure or exfiltration if the invoked binaries or configured MCP servers are malicious or compromised. Because executable script contents and the gemini binary are not provided, a code-level audit is required for definitive conclusions. Recommended actions: audit scripts/cli.ts, verify the provenance and integrity of gemini-cli before use, restrict filesystem permissions on .claude/.mcp.json and assets/tools.json, and add explicit guidance for secrets handling and TLS/endpoint verification.