mcp-setup

Fail

Audited by Socket on Feb 16, 2026

1 alert found:

Malware (HIGH)
SKILL.md

[Skill Scanner] Natural language instruction to download and install from URL detected.

This skill's instructions are functionally consistent with its stated purpose (configuring MCP servers), and prompts for credentials and file access are expected for these integrations. However, it relies on executing remote code (npx, docker) and on configuring HTTP transports that can direct agent traffic and credentials to arbitrary endpoints. Because the documentation does not require provenance checks, integrity verification, or explicit warnings about storing tokens, there is a real operational risk of credential exposure or execution of malicious code if the user follows the instructions with untrusted packages or endpoints. Overall: not directly malicious in content, but it is SUSPICIOUS operationally and should be used with caution and verification of remote packages and endpoints.

LLM verification: The skill is a legitimate configuration guide for adding MCP servers to Claude Code. It does not contain direct malicious code, but it prescribes actions (running npx/docker, supplying secrets, registering arbitrary HTTP endpoints) that materially increase supply-chain and credential-exfiltration risk if package images or endpoints are untrusted. Operational recommendations: verify and pin sources, use least-privilege and ephemeral credentials, avoid passing tokens in easily leaked CLI arguments

Confidence: 95%
Severity: 90%
Audit Metadata
Analyzed At: Feb 16, 2026, 08:46 AM
Package URL: pkg:socket/skills-sh/yeachan-heo%2Foh-my-claudecode%2Fmcp-setup%2F@44e02e6f60d44da2e585c3c2d301ddf9b6d58bc0