mcp-builder
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches the latest protocol documentation and SDK references from verified official sources, including 'modelcontextprotocol.io' and 'github.com/modelcontextprotocol'.
- [COMMAND_EXECUTION]: The provided Python utilities in the 'scripts/' directory allow for spawning local MCP server processes via standard input/output (stdio). This is a standard and necessary component of the Model Context Protocol for inter-process communication during development and testing.
- [SAFE]: No hardcoded credentials or sensitive data exposure patterns were identified. The skill follows industry best practices by instructing users to utilize environment variables for managing API keys.
- [SAFE]: Analysis of the Python scripts and markdown instructions revealed no signs of obfuscation, malicious persistence, or data exfiltration. The skill's behavior is entirely consistent with its stated purpose as a developer tool.
Audit Metadata