mcp-app-dev-setup
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill clones a repository from the official Elastic GitHub organization ('https://github.com/elastic/forge.git'). This is a trusted source consistent with the skill's authorship.
- [COMMAND_EXECUTION]: The skill uses standard development tools including 'git', 'pip', 'npm', and 'python3'. These commands are used as intended for environment setup, dependency installation, and smoke testing.
- [CREDENTIALS_UNSAFE]: While the skill interacts with sensitive credentials (Elasticsearch and Kibana API keys), it follows security best practices by reading them from a '.env' file and explicitly instructing the agent never to check these files into version control. It also directs users to fetch credentials from a secure internal source (1Password).
Audit Metadata