protect-mcp-setup
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and executes the protect-mcp and @veritasacta/verify packages from the NPM registry and installs a plugin from the author's GitHub repository.
- [COMMAND_EXECUTION]: Configures PreToolUse and PostToolUse hooks to execute shell commands during tool invocation.
- [DATA_EXFILTRATION]: Processes tool data locally to generate audit logs; no unauthorized data transmission to external domains was identified.
- [PROMPT_INJECTION]: The hook setup processes untrusted tool data, which could lead to indirect injection.
  1. Ingestion points: $TOOL_INPUT and $TOOL_OUTPUT variables within .claude/settings.json.
  2. Boundary markers: absent in the provided shell command templates.
  3. Capability inventory: subprocess execution via npx and file-writing to the local ./receipts/ directory.
  4. Sanitization: absent in the documentation; relies on the executable's internal handling.
Audit Metadata