tooluniverse-claude-code-plugin
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the 'uv' package manager from 'astral.sh' and a plugin marketplace from 'mims-harvard/ToolUniverse' on GitHub. Both sources are legitimate: 'astral.sh' is the official domain for the well-known 'uv' tool, and the GitHub repository belongs to the skill's author.- [REMOTE_CODE_EXECUTION]: The MCP server is executed via 'uvx tooluniverse', which downloads and runs the 'tooluniverse' package from the PyPI registry. This is the vendor's official package for scientific research tools.- [COMMAND_EXECUTION]: The skill provides targeted shell commands to remove legacy skill files from the user's local directories (e.g., '~/.claude/skills/tooluniverse-*'). This is a standard maintenance step to prevent interference with the plugin architecture.- [CREDENTIALS_UNSAFE]: Instructions for configuring API keys for scientific services (NCBI, NVIDIA, OncoKB) are provided using safe placeholders. The guidance follows standard practices for managing environment variables and configuration files in MCP servers.- [PROMPT_INJECTION]: The skill enables research across diverse external databases, creating an ingestion surface for scientific data.
- Ingestion points: 1000+ scientific tools and specialized skills (PubMed, OncoKB, etc.) that fetch data into the agent context.
- Boundary markers: None identified in the provided installation and setup documentation.
- Capability inventory: Shell execution for installation and diagnostics, and file system access for configuration and maintenance.
- Sanitization: Not explicitly covered in this installation guide; the focus is on environment preparation.
Audit Metadata