mcp-auth-expressjs-scalekit
Pass
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate developer tools for implementing OAuth authentication using the Scalekit SDK.
- [COMMAND_EXECUTION]: Includes a shell script (
scripts/scaffold-new-express-mcp.sh) to automate project setup. The script uses variable quoting to safely handle user-provided project names. - [CREDENTIALS_UNSAFE]: While the skill asks for sensitive credentials (API keys, client secrets), it correctly instructs users to store them in a
.envfile and provides an example file (assets/env.example) with placeholders instead of hardcoded values. - [EXTERNAL_DOWNLOADS]: Dependencies listed in
package.jsoninclude standard libraries and the official vendor SDK (@scalekit-sdk/node). These are well-known or vendor-owned packages.
Audit Metadata