mcp-deploy

Fail

Audited by Socket on Mar 3, 2026

1 alert found:

Malware: HIGH
SKILL.md

This skill is coherent with its stated purpose (automating MCP deployments) and mainly provides operational instructions rather than embedding code. The primary security concerns are supply-chain and credential exposure risks: (1) a curl|sh installer (astral.sh) is recommended without integrity checks; (2) users are instructed to download and install third-party binaries and place them in system paths without verifying checksums or signatures; (3) credentials are stored in plaintext environment files and passed via command-line/env strings, increasing exposure and the chance of forwarding secrets to third-party tools. These are supply-chain and operational risks rather than direct evidence of malicious code in the skill text itself.

Recommendations: remove or mitigate the curl|sh patterns (provide explicit verification steps or packaged installers), instruct users to use secure secret storage (OS keyring or restricted-permission files), include checksum/signature verification for binaries, and warn users to apply the principle of least privilege to tokens.

Overall classification: medium supply-chain/security risk (suspicious patterns but not confirmed malware).

Confidence: 95%
Severity: 90%

Audit Metadata
Analyzed At: Mar 3, 2026, 11:16 PM
Package URL: pkg:socket/skills-sh/zrong%2Fskills%2Fmcp-deploy%2F@95846fdc99e173cd22e83bfe4ddd0f499674d11f