mcp-jetbrains-ide

[Skill Scanner] Pipe-to-shell or eval pattern detected All findings: [CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4] [CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4] [HIGH] command_injection: Reference to external script with install/setup context (SC005) The skill's declared purpose and capabilities are consistent: it legitimately exposes IDE functionality over MCP for automation (file ops, search, refactor, run configurations). There are no explicit signs of obfuscation or hardcoded secrets in the provided text. However, capabilities that allow arbitrary file reads/writes and terminal command execution are high-risk by design. If MCP access is restricted to a trusted local client (mh on localhost) and the installer is audited, the skill is functionally benign for its purpose. If MCP or the mh CLI are misconfigured, or a malicious caller can reach the MCP endpoint, these capabilities enable easy data exfiltration and remote command execution. Recommendation: treat this skill as powerful-but-legitimate when used locally and with trusted callers; do not expose MCP beyond localhost, audit remote install scripts before running, and restrict which tools can be invoked programmatically (or require explicit user confirmation for high-risk tools like executeTerminalCommand and executeRunConfiguration). LLM verification: This SKILL.md describes a plausible and legitimate IDE automation skill for JetBrains IDEs. The listed capabilities largely align with the stated purpose (file ops, search, refactor, run configs). However there are two noteworthy risks: (1) the README recommends installing the mh CLI via a shell-piped raw GitHub script (curl | sh) with no integrity verification — a supply-chain trust decision that is risky to execute blindly; (2) the toolset includes executeTerminalCommand and executeRunConfigur