statsig

The skill's footprint is generally coherent with its stated purpose of managing Statsig MCP entities. The main security considerations are the handling of API keys in a local config file and the reliance on an external npm-based tool (npx mcp-remote) to interface with the MCP server. As long as API keys are managed securely (restricted permissions, secure storage, minimal logging) and the MCP client is sourced from a trusted registry with verification, the risk is moderate and proportional to its operational goals. Monitoring for credential exposure and ensuring the MCP client is from a trusted source are recommended mitigations.