mcp-builder
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- Command and Process Execution: The skill includes scripts designed to interact with MCP servers by launching local processes (using the stdio transport) or connecting to remote endpoints (via HTTP/SSE). This capability is central to the skill's purpose of testing and evaluating server implementations.
- External Documentation Retrieval: The instructions utilize web-fetching capabilities to retrieve protocol specifications and SDK documentation from official sources, including modelcontextprotocol.io and GitHub. These references target well-known repositories associated with the technology being implemented.
- Data Processing and Tool Interaction: The evaluation script (
scripts/evaluation.py) processes external data from XML files to prompt an AI model and interact with server tools. This architecture is standard for an automated testing harness, using structured tags (like<summary>and<response>) to maintain clear boundaries between instructions and data. - Environment and Secret Management: The skill follows industry standards for credential handling, instructing users to manage API keys through environment variables rather than hardcoding them in scripts.
Audit Metadata