Skills
skills/vercel-labs/json-render/mcp/Gen Agent Trust Hub

mcp

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
Full Analysis
  • [Dependency Management]: The skill references several packages from the @json-render ecosystem and the official @modelcontextprotocol/sdk. These are standard libraries for building MCP servers and rendering dynamic UIs.
  • [File System Access]: The server implementation uses fs.readFileSync to load a local HTML file (dist/index.html). This is a routine operation for serving web assets and is used here to provide the UI for the MCP application.
  • [Command Execution Configuration]: The documentation provides configuration examples for tools like Cursor and Claude that use npx tsx to launch the server. This is a standard method for executing local TypeScript scripts in a development or integration environment.
  • [Cross-Origin Communication]: The client implementation utilizes postMessage to communicate between the host application and the iframe-based UI, which is the expected architectural pattern for secure, isolated UI rendering in this context.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 7, 2026, 02:43 AM