skills/phuryn/skills/mcp-builder/Gen Agent Trust Hub

mcp-builder

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches documentation and SDK README files from the official Model Context Protocol GitHub organization (github.com/modelcontextprotocol) and the official website (modelcontextprotocol.io). These are well-known and trusted sources for the technology discussed.
  • [COMMAND_EXECUTION]: Includes a utility script (scripts/evaluation.py) that launches and tests local MCP servers via standard input/output (stdio). This behavior is the intended and documented functionality of an evaluation harness and uses the official mcp library for subprocess management.
  • [CREDENTIALS_UNSAFE]: The documentation provides standard instructions for managing API keys, such as ANTHROPIC_API_KEY, through environment variables. The skill does not hardcode credentials and follows established security best practices for secret management in developer tools.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 11:49 AM
Security Audit — agent-trust-hub — mcp-builder