mcp-builder
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches documentation and SDK README files from the official Model Context Protocol GitHub organization (
github.com/modelcontextprotocol) and the official website (modelcontextprotocol.io). These are well-known and trusted sources for the technology discussed. - [COMMAND_EXECUTION]: Includes a utility script (
scripts/evaluation.py) that launches and tests local MCP servers via standard input/output (stdio). This behavior is the intended and documented functionality of an evaluation harness and uses the officialmcplibrary for subprocess management. - [CREDENTIALS_UNSAFE]: The documentation provides standard instructions for managing API keys, such as
ANTHROPIC_API_KEY, through environment variables. The skill does not hardcode credentials and follows established security best practices for secret management in developer tools.
Audit Metadata