mcp-setup
Fail
Audited by Snyk on Mar 17, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The prompt's examples show and endorse embedding secrets directly in CLI invocations (e.g., -e "SLACK_BOT_TOKEN=..." / NEON_API_KEY=...), which encourages the LLM to generate commands containing verbatim API tokens and thus can cause secret exfiltration.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime npx commands that fetch and execute remote npm packages (e.g., npx -y @modelcontextprotocol/server-slack, @sentry/mcp-server, @posthog/mcp-server, @anthropic/figma-mcp-server, frame0-mcp-server, @anthropic/playwright-mcp-server, @neondatabase/mcp-server-neon), which will run external code at runtime and provide MCP servers that can influence agent/tool behavior.
Issues (2)
- HIGH W007: Insecure credential handling detected in skill instructions.
- MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).