mcp-grep-code
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructions suggest installing the required
mhCLI tool using the commandcurl -fsSL https://raw.githubusercontent.com/vaayne/mcphub/main/scripts/install.sh | sh. This pattern fetches and executes a script directly from the author's repository in the user's shell. While the script originates from the skill's own vendor (vaayne), this method bypasses traditional package verification and is a high-privilege execution pattern. - [INDIRECT_PROMPT_INJECTION]: The
searchGitHubtool retrieves and processes literal code snippets from public GitHub repositories, creating a surface for indirect instructions to enter the agent's context. - Ingestion points: Untrusted code content is retrieved from external public repositories via the grep.app API.
- Boundary markers: No specific delimiters or instructions are provided to the agent to isolate the retrieved code from its operational logic.
- Capability inventory: The skill utilizes the
mhCLI for tool invocation, which involves executing system commands. - Sanitization: There is no evidence of content sanitization or validation for the retrieved search results.
- [COMMAND_EXECUTION]: The skill operates by invoking the
mhCLI tool through shell commands. This involves the agent generating and executing subprocess calls to interact with the MCP service.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/vaayne/mcphub/main/scripts/install.sh - DO NOT USE without thorough review
Audit Metadata