mcp-server-code-execution-mode
Warn
Audited by Socket on May 18, 2026
1 alert found:
Security (MEDIUM): SKILL.md
The skill's stated purpose matches its main capability: containerized Python used to discover and call MCP tools. Its actual footprint is much broader, however: it executes arbitrary code, launches third-party MCP servers, forwards credentials into those servers, and enables autonomous external actions. The behaviour looks coherent and high-risk rather than overtly malicious; the main concerns are supply-chain trust in the launched servers, credential forwarding, and broad side-effecting automation.
Confidence: 87% / Severity: 78%
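The two concrete concerns above, third-party server launch and credential forwarding, can be triaged from the MCP server configuration before the skill is allowed to run anything. The following is an added example, not code from the skill or from Socket: it walks a Claude-Desktop-style `mcpServers` JSON block and flags servers started through a package runner without a pinned version, and environment entries that carry secret-looking names or `${VAR}` placeholders expanded from the host environment. The sample config, the `${VAR}` expansion convention, the runner list and the name patterns are assumptions for the illustration.

```python
"""Triage an MCP server config for the risk classes named in the audit:
unpinned third-party server launches and credential forwarding.
Added example; heuristics and sample data are constructed, not from the skill."""
import json
import re

# Package runners that download and execute third-party code at launch time.
PACKAGE_RUNNERS = {"npx", "uvx", "pipx", "bunx"}
# Environment variable names that usually carry credentials (assumed patterns).
SECRET_NAME = re.compile(
    r"(TOKEN|SECRET|PASSWORD|PASSWD|API_?KEY|PRIVATE_KEY|CREDENTIAL)", re.I
)
# "${NAME}" placeholders expanded from the host environment (assumed config convention).
HOST_ENV_REF = re.compile(r"\$\{([A-Z0-9_]+)\}")
# Exact-version pins accepted as "pinned": pkg@1.2.3 (npm) or pkg==1.2.3 (PyPI).
PINNED_SPEC = re.compile(r"(@|==)\d+\.\d+\.\d+$")

# Constructed sample config for the example; server names are hypothetical.
SAMPLE_CONFIG = json.dumps({
    "mcpServers": {
        "issues": {
            "command": "npx",
            "args": ["-y", "example-mcp-server"],
            "env": {"ISSUES_API_TOKEN": "${ISSUES_API_TOKEN}"},
        },
        "filesystem": {
            "command": "/usr/local/bin/mcp-fs",
            "args": ["--root", "/srv/data"],
        },
        "pinned-db": {
            "command": "uvx",
            "args": ["example-mcp-sqlite==0.6.2", "--db", "app.db"],
            "env": {"LOG_LEVEL": "info"},
        },
    }
})


def looks_unpinned(args):
    """True if the first non-flag argument (the package spec) has no exact version pin."""
    for arg in args:
        if arg.startswith("-"):
            continue
        return PINNED_SPEC.search(arg) is None
    return True  # no package spec at all: nothing to verify against


def triage_mcp_config(config_text):
    """Return (server, category, detail) findings for a JSON config string."""
    cfg = json.loads(config_text)
    findings = []
    for name, spec in cfg.get("mcpServers", {}).items():
        cmd = spec.get("command", "")
        args = spec.get("args", [])
        # Supply-chain trust: a runner fetching an unpinned package executes whatever
        # the registry serves at launch time, so the code is not fixed at review time.
        if cmd in PACKAGE_RUNNERS and looks_unpinned(args):
            findings.append(
                (name, "supply-chain",
                 f"{cmd} launches an unpinned third-party package: {' '.join(args)}")
            )
        # Credential forwarding: secrets handed to the server process are exposed to
        # whatever code that process runs, including the third-party package above.
        for var, val in spec.get("env", {}).items():
            if SECRET_NAME.search(var) or HOST_ENV_REF.search(str(val)):
                findings.append(
                    (name, "credential-forwarding",
                     f"env {var}={val!r} is passed into the server process")
                )
    return findings


if __name__ == "__main__":
    for server, category, detail in triage_mcp_config(SAMPLE_CONFIG):
        print(f"[{category}] {server}: {detail}")
```

On the constructed config this reports two findings, both against the `issues` server: an unpinned `npx` launch and a forwarded token. The locally installed `filesystem` server and the version-pinned `pinned-db` server produce nothing, which is the distinction a reviewer wants: pinning fixes what code runs, and a pinned server that receives no secrets has a bounded blast radius. The name-based secret check is a heuristic and will miss credentials passed under innocuous names; treat any env entry as forwarded until proven otherwise.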
Audit Metadata