skills/aradotso/mcp-skills/mcp-documentation-server/Snyk

mcp-documentation-server

Warn

Audited by Snyk on May 18, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill's Quick Start runs "npx -y @andrea9293/mcp-documentation-server" (and the repo https://github.com/andrea9293/mcp-documentation-server.git is referenced), which causes the MCP client to fetch and execute remote npm/github code at runtime—i.e., remote code is downloaded and executed as a required dependency.

Issues (1)

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

MEDIUM

Analyzed

May 18, 2026, 06:40 PM

Issues

1

Security Audit — snyk — mcp-documentation-server