mcp-setup

SUSPICIOUS. The skill’s main purpose is coherent, and the recommended servers are mostly official or plausibly legitimate, but it introduces medium-to-high risk by installing unpinned MCP servers, forwarding credentials to those servers, and allowing arbitrary custom stdio/HTTP MCP endpoints that gain persistent access in future agent sessions.