wikipedia-research

SUSPICIOUS. The stated purpose is coherent for a Wikipedia research skill, and it does not request disproportionate credentials. However, its core behavior relies on executing an arbitrary local script from WIKIPEDIA_MCP_SCRIPT with no pinned provenance, package source, or release verification. That makes the install/execution trust materially weaker than the benign documentation suggests. Data flow appears limited to Wikipedia content retrieval, so this is not confirmed malware, but it is a medium-high security risk due to unverifiable execution dependency.