mcp-cli
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for using the mcp-to-cli tool via the command line to manage connections and invoke tools. It explicitly recommends the use of the --no-open flag by AI agents to prevent unauthorized host browser activity.
- [EXTERNAL_DOWNLOADS]: The tool establishes network connections to remote MCP servers. It includes a feature to resolve service names to the vendor's run.tools domain for simplified connection management.
- [SAFE]: The skill accesses the local filesystem specifically at ~/.mcp-to-cli/ to store and retrieve its own connection metadata and OAuth tokens, which is necessary for its functionality as a persistent CLI client. No unauthorized access to other sensitive system files was detected.
Audit Metadata