unicon-mcp
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill's installation instructions and metadata specify the download of the `@webrenew/unicon-mcp-server` package from the npm registry. The author 'webrenew' is not on the list of trusted organizations, making this an unverified dependency.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The configuration for Claude Desktop and Cursor uses `npx -y @webrenew/unicon-mcp-server`. This pattern downloads and executes code directly from a remote repository at runtime, which can lead to arbitrary code execution on the host machine if the package is compromised.
- [PROMPT_INJECTION] (LOW): The skill contains multiple tools that ingest untrusted data from the user or external sources, creating an attack surface for indirect prompt injection.
  - Ingestion points: The `query` parameter in `search_icons`, `iconId` in `get_icon`, and `iconIds` in `get_multiple_icons` are points where untrusted strings enter the agent context.
  - Boundary markers: None are specified in the tool definitions to delimit user input from instructions.
  - Capability inventory: The skill executes local node.js processes via `npx` as defined in the `SKILL.md` config instructions.
  - Sanitization: There is no evidence of input sanitization or validation within the provided skill definition.
Audit Metadata