mcp-jetbrains-ide

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). The raw.githubusercontent.com link is a direct install.sh from an untrusted/unknown GitHub repo (high risk to run via curl | sh), and the localhost SSE endpoint is not an external download source but could allow local code execution or control of an IDE, so together they pose a moderate-to-high risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill exposes powerful IDE control (reading/replacing files, searching project content, and executing run configurations or arbitrary terminal commands) and includes a curl|sh installer recommendation—features that enable local RCE, credential discovery/exfiltration, and supply-chain risk if misused.