mcp-management

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute various CLI commands for managing server installations, including agent-specific commands like claude mcp and the add-mcp utility from the Neon organization.
  • [REMOTE_CODE_EXECUTION]: The skill facilitates the installation and execution of third-party MCP servers. These servers run as subprocesses via stdio or connect over the network using HTTP/SSE transports. It utilizes npx -y for automated package execution.
  • [EXTERNAL_DOWNLOADS]: The skill fetches server configuration and availability data from the official MCP registry and downloads packages from npm and GitHub repositories belonging to well-known vendors such as GitHub, Cloudflare, and Neon.
  • [CREDENTIALS_UNSAFE]: The skill manages environment variables and local configuration files (e.g., ~/.claude.json, .mcp.json) which store API keys and tokens. It follows security best practices by instructing the agent to use AskUserQuestion to collect these credentials directly from the user rather than hardcoding them.
Audit Metadata
Risk Level
SAFE
Analyzed
May 9, 2026, 10:57 PM
Security Audit — agent-trust-hub — mcp-management