guru-mcp

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the mcporter binary tool to execute commands against the Guru MCP server for operations like document search and card updates.
  • [SAFE]: API credential management for GURU_API_TOKEN correctly directs users to store sensitive information in a local .env file rather than hardcoding values into the skill.
  • [SAFE]: Network communication is exclusively directed to the official Guru API domain (mcp.api.getguru.com), which is a recognized and well-known service provider.
  • [SAFE]: An indirect prompt injection surface is identified as the skill ingests content from external Guru cards and AI responses. This is assessed as safe as it is central to the skill's primary documentation-retrieval purpose.
    • Ingestion points: guru_answer_generation, guru_search_documents, and guru_get_card_by_id in SKILL.md.
    • Boundary markers: None identified.
    • Capability inventory: guru_create_draft and guru_update_card in SKILL.md.
    • Sanitization: None identified.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 12:25 AM