wheels-router

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the user to configure and connect to an external MCP server at https://mcp.justusewheels.com/mcp. This domain is not part of the trusted source list, making the remote service and its returned data unverifiable.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The setup instructions recommend using npx mcp-remote or npx mcporter to interface with the remote URL. This pattern executes a bridge that translates remote server instructions into local tool executions. If the remote endpoint is compromised, this could lead to malicious tool behavior.
  • [DATA_EXFILTRATION] (LOW): User-provided location queries and travel coordinates are transmitted to mcp.justusewheels.com. While this is required for the transit routing service, it involves sending potentially sensitive location data to a non-whitelisted third-party domain.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: Feb 16, 2026, 11:29 AM