mcp-builder

[Skill Scanner] Skill defers behavior to remote content fetched at runtime All findings: [HIGH] autonomy_abuse: Skill defers behavior to remote content fetched at runtime (AU005) [AITech 1.2] [HIGH] autonomy_abuse: Skill defers behavior to remote content fetched at runtime (AU005) [AITech 1.2] The fragment is a coherent, permissive developer guide for MCP server development. It does not contain executable code, credential handling, or data exfiltration patterns. While it recommends loading external documents, this aligns with the stated purpose of providing comprehensive guidance and implementation steps. No malicious behavior is evident; the content remains within the scope of legitimate development guidance, though readers should ensure safe handling of remote docs in practice. LLM verification: The skill fragment is a descriptive development guide for MCP servers. Its capabilities align with its stated purpose. The only notable risk is the recommended runtime remote content fetching (WebFetch) to load protocol/docs, which introduces a dependency on external content at execution time. There are no credentials, no data exfiltration, and no executable payloads in the fragment. Treat as BENIGN with caution due to remote content dependency.