mcp-management

Fail

Audited by Socket on Feb 16, 2026

1 alert found:

Malware: HIGH
SKILL.md

[Skill Scanner] Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]

Overall the skill's documented capabilities are consistent with its stated purpose: reading a local MCP config, discovering remote capabilities, executing tools via CLI or direct client, and persisting a local catalog. There are no explicit signs of embedded malware in the provided text. However, there are legitimate supply-chain and data-exfiltration risks: the skill requires reading config files that may contain credentials and will send those to configured MCP endpoints; it also recommends executing external binaries (gemini, npx) which increase the trust surface. A user should treat configured MCP endpoints as trusted, avoid storing sensitive tokens in shared repo paths, and review any externally run CLIs. Verdict: benign in intent but with moderate operational risk due to credential and third-party execution exposure.

LLM verification: BENIGN: The skill’s described capabilities and execution model align with MCP management tasks. It relies on legitimate external tools (Gemini CLI) and local script-based orchestration to discover and execute MCP capabilities. No hardcoded secrets or data-collection behavior is evident; data flows adhere to MCP usage patterns. Operational risks exist around external tool dependencies and config access but are expected in this domain and do not indicate malicious intent. Recommendations include f

Confidence: 95%
Severity: 90%
Audit Metadata
Analyzed At: Feb 16, 2026, 10:53 PM
Package URL: pkg:socket/skills-sh/vibery-studio%2Ftemplates%2Fmcp-management%2F@9cddb6a19c76a4ac47dbd2d23ddd2376d840c5f0