mcp-builder
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The `scripts/evaluation.py` utility allows users to test their locally developed MCP servers. It facilitates the execution of server commands (e.g., `python server.py` or `node index.js`) and interacts with them via standard I/O or network protocols (SSE/HTTP). This is standard functionality for a developer-oriented tool.
- [EXTERNAL_DOWNLOADS]: The skill retrieves protocol specifications and SDK documentation from official sources, including `modelcontextprotocol.io` and the `modelcontextprotocol` GitHub organization. These are well-known technology resources and the downloads are used for providing context to the agent during development.
- [DATA_EXFILTRATION]: No evidence of unauthorized data exfiltration was found. The skill includes instructions for secure secret management, advising users to provide API keys through environment variables rather than hardcoding them. Network communication is limited to the defined protocol (MCP) and communication with the Anthropic API for evaluating server responses.
- [PROMPT_INJECTION]: The instructions do not contain any patterns typical of prompt injection or bypass attempts. The use of instructional terms like 'IMPORTANT' is restricted to identifying critical steps in the development and testing workflow.
- [REMOTE_CODE_EXECUTION]: The skill uses established, version-pinned libraries from official registries (`mcp`, `anthropic`). There is no evidence of downloading and executing scripts from untrusted or unknown remote sources.
Audit Metadata