fastmcp-client-cli
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill describes how to use the fastmcp CLI tool to execute local Python files and arbitrary shell commands via the --command flag.
- [EXTERNAL_DOWNLOADS]: Examples utilize npx to fetch and run server implementations from the @modelcontextprotocol registry, which is an official and well-known source for the protocol.
- [DATA_EXFILTRATION]: Network communication with remote MCP servers over HTTP or SSE is a core feature enabling the agent to access external tool providers.
- [COMMAND_EXECUTION]: The discover command accesses configuration files from AI tools such as Claude Desktop and Cursor to locate available servers, serving the skill's primary purpose of cross-tool integration.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by processing tool metadata and outputs from external servers. 1. Ingestion points: Tool schemas and results from fastmcp list and fastmcp call. 2. Boundary markers: None present. 3. Capability inventory: Command execution and network operations defined in SKILL.md. 4. Sanitization: None implemented.
Audit Metadata