mcp-graveyard
Warn
Audited by Socket on May 7, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS. The skill’s local file access and optional config pruning fit its stated purpose, but its execution model is weaker than advertised: it relies on running an unpinned npm package via npx @latest, and the package/publisher provenance was not verified. No clear credential harvesting, exfiltration endpoint, or disproportionate permissions are present, so this is not malware-like, but the install/execute trust and mutable supply-chain exposure make it medium risk.
Confidence: 85%
Severity: 68%
Audit Metadata