mcp-configure

Pass

Audited by Gen Agent Trust Hub on May 14, 2026

Risk Level: SAFE
[EXTERNAL_DOWNLOADS] [COMMAND_EXECUTION] [CREDENTIALS_UNSAFE]
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to configure coding environments to download and run the @launchdarkly/mcp-server package using npx. This is the official MCP server package provided by the vendor.
  • [COMMAND_EXECUTION]: Provides configuration templates that use shell commands (e.g., npx, ldcli) to initialize the MCP server or verify credentials. It also utilizes standard VS Code command: URI schemes (e.g., command:workbench.action.openSettings) to provide clickable shortcuts to editor settings panels.
  • [CREDENTIALS_UNSAFE]: Addresses the management of LaunchDarkly API access tokens for local MCP installations. The skill follows best practices by:
      • Using a blocking decision point (D4-LOCAL) to warn users about the risks of AI agents handling secrets.
      • Recommending that users add configuration files (like .cursor/mcp.json) to .gitignore when they contain literal token values.
      • Promoting the use of environment variables over hardcoded strings where supported.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 14, 2026, 02:36 PM