mcp-server-tester
Audited by Socket on Mar 2, 2026
1 alert found:
Security

This skill's stated purpose (MCP server testing) aligns with most of its capabilities: discovery, proxying, and LLM-driven test generation legitimately require network access and an LLM key. However, the combination of (1) accepting and optionally persisting LLM API keys, (2) proxying all MCP traffic via a local inspector that executes curl calls, and (3) allowing provider base URL overrides creates a moderate supply-chain and credential-forwarding risk. The fragment does not document the inspector's installation provenance, signature verification, or restrictions on provider endpoints; these omissions raise the chance of credential exfiltration or routing sensitive data to attacker-controlled endpoints if misconfigured. I did not find explicit malicious code in this fragment, but the operational pattern (download/execute/forward, persistent secrets, configurable endpoints) is a realistic vector for abuse.

Recommendations: require explicit, documented, verifiable inspector provenance (signed releases or official registry packages), avoid persisting secrets by default, warn users about custom provider base URLs, and implement redaction/opt-in logging for test reports.