mcp-cli-tool
Fail
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation guide contains a command that fetches a remote script and pipes it directly into the bash shell (
curl -fsSL https://raw.githubusercontent.com/philschmid/mcp-cli/main/install.sh | bash). This is a critical security risk as the script's contents are not verified and can be modified by the source at any time to execute malicious actions. - [EXTERNAL_DOWNLOADS]: The skill requires downloading a CLI tool from an external, unverified GitHub repository (
philschmid/mcp-cli) and recommends global installation usingbun installfrom a remote URL. - [COMMAND_EXECUTION]: The skill provides instructions for the agent to configure and launch MCP servers using commands such as
npx,node, andbun. This intended functionality creates a significant attack surface for arbitrary command execution if the server configurations are compromised or malicious. - [PROMPT_INJECTION]: The skill exhibits vulnerability to indirect prompt injection by processing outputs from external MCP servers without using boundary markers or content sanitization. This risk is compounded by the agent's ability to execute further commands and write to the filesystem based on the processed data (Ingestion points:
SKILL.mdinstructions formcp-cli call; Capability inventory: file redirection,jqprocessing, and nested CLI calls).
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/philschmid/mcp-cli/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata