rudder-mcp-setup

SUSPICIOUS: the skill’s purpose and configuration steps are internally consistent with RudderStack’s official MCP docs, and data flows go to the expected RudderStack domain. However, the setup depends on a non-RudderStack third-party npm package (`mcp-remote`) to handle OAuth/MCP traffic, which creates a meaningful supply-chain and credential-forwarding risk even though the package is publicly versioned and documented.