mcp-server-dev
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The documentation instructs developers to install official MCP packages and standard development tools.
  - Evidence: References to @modelcontextprotocol/server, @modelcontextprotocol/node, @modelcontextprotocol/express, and the zod validation library.
- [COMMAND_EXECUTION]: The skill includes standard development commands for initializing, building, and testing MCP servers.
  - Evidence: Examples using npm init, npm install, and npx @modelcontextprotocol/inspector for local development workflows.
- [DATA_EXFILTRATION]: The skill provides explicit guidance on the secure handling of sensitive data and credentials.
  - Evidence: Specifically warns against hardcoding secrets in configuration files and demonstrates passing API keys via the env field in Claude Desktop configuration.
- [PROMPT_INJECTION]: The skill provides design patterns for building tools that process external data while maintaining safety.
  - Evidence: The elicitation.md file defines security rules for collecting user input, including the use of 'URL mode' for sensitive information to prevent it from entering the LLM's context window.