mcp-apps-builder
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists entirely of documentation and instructional Markdown files designed to guide developers through the use of the mcp-use framework.
- [EXTERNAL_DOWNLOADS]: The skill references several well-known and trusted external services such as Auth0, Clerk, Supabase, and Keycloak for authentication integration. These references are documented neutrally as legitimate service integrations.
- [REMOTE_CODE_EXECUTION]: Documentation includes instructions for standard development commands like
npx create-mcp-use-appandnpm install. These are part of the intended developer workflow for scaffolding and managing dependencies and do not constitute a security risk. - [COMMAND_EXECUTION]: Command-line examples for deployment (
mcp-use deploy) and project management are provided as part of the framework's core functionality. - [CREDENTIALS_UNSAFE]: The instructions explicitly follow security best practices by advising developers to use environment variables (e.g.,
process.env.API_KEY) and.envfiles for managing secrets rather than hardcoding them in the source code.
Audit Metadata