mcp-jetbrains-ide

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). Yes — the raw.githubusercontent.com link is a direct .sh download from an unvetted GitHub user (curl | sh), a high‑risk pattern for malware distribution, and although http://localhost:64342/sse is a local endpoint (not an external download), it can be used to trigger or proxy harmful local actions if a malicious service is present, so together they are suspicious.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill exposes powerful IDE control (read/modify arbitrary project files, list repo roots, read open files, run arbitrary run configurations) and instructs installing a remote script via curl|sh — while not explicitly malicious, these capabilities present high risk for data exfiltration, credential theft, remote code execution, and supply‑chain compromise if the MCP service or install script is exposed or malicious.