fiddler-mcp-setup
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: Uses local shell and PowerShell commands to detect installed applications and running processes (e.g., ps, Get-Process). These are used solely for environment detection and configuration.
- [DATA_EXFILTRATION]: Uses curl to interact exclusively with localhost endpoints. No sensitive data is transmitted to external or untrusted domains.
- [EXTERNAL_DOWNLOADS]: Configures Claude Desktop to use npx mcp-remote. This is a standard bridge utility for MCP transport and is only used to enable connectivity.
- [PROMPT_INJECTION]: Processes local application settings and agent configuration files. While this represents an indirect injection surface, the risk is mitigated by using standard JSON parsing and limiting operations to the local filesystem.
Audit Metadata