mcp-troubleshoot
Warn
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the user or agent to execute `@gongrzhe/server-gmail-autoauth-mcp` using `npx`. This command downloads and runs code from an external, untrusted source not associated with the skill author or a trusted vendor.
- [EXTERNAL_DOWNLOADS]: The use of `npx` involves fetching packages from the NPM registry at runtime without version pinning, integrity checks, or source verification, representing an unverified dependency risk.
- [CREDENTIALS_UNSAFE]: The documentation explicitly identifies the storage locations for sensitive Google OAuth keys and session tokens (`~/.gmail-mcp/gcp-oauth.keys.json` and `~/.gmail-mcp/credentials.json`). Disclosing these paths to an AI agent increases the risk of data exposure or targeted exfiltration if the agent is subsequently compromised or misled.
Audit Metadata