claude-code-operator

Warn

Audited by Socket on Mar 3, 2026

1 alert found:

Security: MEDIUM
SKILL.md

This skill is functionally coherent: it documents installing and using the Claude Code CLI, configuring environment variables, and calling MCP tools. The primary security concern is data and credential flow to third-party endpoints (notably https://mcp-on-edge.edgeone.app/mcp-server). Several workflows explicitly instruct sending local project files or repository contents to that external MCP server via curl or via the claude CLI. That behavior is consistent with the skill's stated deployment purpose but creates a high-risk data-exfiltration vector if the target MCP server is untrusted. There is no evidence of obfuscated or hidden malicious code, no curl|bash download-execute chains, and npm installation references official packages. Recommended mitigations: verify and trust any MCP endpoint before using these workflows, avoid sending sensitive repository files or secrets, store API keys securely (use environment variables with proper file permissions rather than plaintext JSON), and confirm permissions before automating large-scale uploads or CI usage. Overall, this skill is likely safe when used with trusted endpoints and careful handling of secrets, but it introduces moderate-to-high supply-chain/data-exfiltration risk if the configured external MCP server is untrusted.

Confidence: 82%
Severity: 75%
Audit Metadata
Analyzed At
Mar 3, 2026, 04:20 PM
Package URL
pkg:socket/skills-sh/stvlynn%2Fskills%2Fclaude-code-operator%2F@bace3004f19723d247bf079a74a0751eddf4c469