mcp-server-manager
Audited by Socket on Feb 21, 2026
1 alert found:
Malware [Skill Scanner]: Destructive bash command detected (rm -rf, chmod 777)

All findings:
[CRITICAL] command_injection: Destructive bash command detected (rm -rf, chmod 777) (CI004) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

This is documentation (a skill) describing MCP server management for the Claude Code CLI. The file itself contains no executable malware, but it documents workflows that carry meaningful supply-chain and credential-exposure risks: unpinned package execution via npx, forwarding secrets to arbitrary stdio processes, environment-variable expansion into project-scoped JSON (risking VCS leaks), and importing local desktop credentials. If the CLI implements these behaviors without strict safeguards (version pinning, explicit confirmations, strong scope separation, and warnings about committing config), attackers can exploit them for credential harvesting or supply-chain compromise. Recommend treating this as a medium security risk: validate that implementations require explicit opt-in, avoid npx -y and unpinned installs, prevent automatic inclusion of secrets in project-scoped files, and require per-action approvals for imports and for execution of external commands.

LLM verification: The document correctly describes the MCP server management features and expected workflows. It does not contain embedded malicious code, but it prescribes high-risk operational practices that can lead to credential leakage, supply-chain compromise, or accidental destructive actions if followed without safeguards. Key risks: running untrusted code via stdio transport (e.g., npx -y), storing or expanding secrets in project-scoped files (risk of git leaks), passing secrets on command lines (exposed