matlab-mcp-core-server
Fail
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to download a pre-compiled binary server from 'github.com/matlab/matlab-mcp-core-server/releases/latest'. This repository name ('matlab') is not the primary official MathWorks organization ('mathworks'), posing a potential impersonation or supply chain risk.
- [REMOTE_CODE_EXECUTION]: The server binary acts as an execution engine for code and scripts provided by the AI agent, effectively running external logic on the host system.
- [COMMAND_EXECUTION]: The documentation explicitly suggests granting execution permissions to the downloaded binary using 'chmod +x' on macOS and Linux systems.
- [COMMAND_EXECUTION]: The 'evaluate_matlab_code' and 'run_matlab_file' tools provide a direct interface for the agent to execute arbitrary MATLAB commands and scripts on the user's system.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes external MATLAB code strings and script files without adequate security controls.
  - Ingestion points: The 'code' parameter in 'evaluate_matlab_code' and the file contents accessed via 'check_matlab_code' and 'run_matlab_file'.
  - Boundary markers: Absent; there are no instructions or delimiters to prevent the agent from obeying instructions embedded in the MATLAB code or scripts it processes.
  - Capability inventory: The tools provide full access to the MATLAB environment, including file system access and potentially network operations via MATLAB built-in functions.
  - Sanitization: Absent; the skill does not validate or sanitize the content of the MATLAB code before processing or execution.
Recommendations
- AI detected serious security threats
Audit Metadata