mcp-jetbrains-ide
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Remote Code Execution] (CRITICAL): The skill requires the `mh` CLI and provides an installation command that downloads a shell script from an untrusted GitHub repository (vaayne/mcphub) and pipes it directly into the shell (curl -fsSL ... | sh). This allows for immediate, arbitrary code execution on the user's machine from an unverified source.
- [Command Execution] (HIGH): The tool `executeTerminalCommand` allows the agent to execute any shell command within the IDE terminal. Combined with `executeRunConfiguration`, this provides a direct path for system compromise if the agent is misled by malicious instructions.
- [Indirect Prompt Injection] (HIGH): The skill has a massive attack surface for indirect prompt injection.
  - Ingestion points: `getFileTextByPath`, `searchInFilesByText`, and `listDirectoryTree` ingest untrusted content from the project files.
  - Capability inventory: Includes arbitrary command execution (`executeTerminalCommand`), file creation (`createNewFile`), and file modification (`replaceTextInFile`).
  - Sanitization/Boundaries: No sanitization or boundary markers are defined.
  - Risk: An attacker could place a malicious instruction inside a source code file (e.g., in a comment). When the agent reads that file for context, it may execute the embedded command via the IDE's terminal.
- [Data Exposure] (HIGH): Tools like `getFileTextByPath` and `getAllOpenFilePaths` allow the agent to read any file within the project scope. If the IDE is misconfigured or has broad permissions, this could lead to the exposure of sensitive files like `.env` files, SSH keys, or cloud credentials.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://raw.githubusercontent.com/vaayne/mcphub/main/scripts/install.sh - DO NOT USE
- AI detected serious security threats
Audit Metadata