dsql
Warn
Audited by Socket on May 12, 2026
1 alert found:
Anomaly (LOW): mcp/.mcp.json
No explicit malicious functionality is evident in this snippet itself, but it materially increases supply-chain and operational risk by (1) executing an unpinned dependency at runtime via `uvx` using `...@latest`, and (2) trusting an external HTTP MCP endpoint. Recommend pinning the exact `aurora-dsql-mcp-server` version (and ideally verifying checksums/lockfile integrity) and reviewing network trust boundaries and logging/telemetry settings for auditability.
Confidence: 65%
Severity: 58%
Audit Metadata