byted-bytehouse-mcp
Warn
Audited by Snyk on May 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads and runs an MCP server from a public GitHub URL (see SKILL.md and scripts like mcp_client.py and start_mcp_service.sh which use the git+https://github.com/volcengine/mcp-server@main... URL), then programmatically lists and calls tools and reads their outputs from that server—meaning untrusted third‑party code/content fetched at runtime can influence which tools are available and the agent's subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill starts the MCP server at runtime via uvx/stdio with the '--from' git+https://github.com/volcengine/mcp-server@main#subdirectory=server/mcp_server_bytehouse URL, which fetches remote repository code and executes it as the server, so this is a runtime fetch that executes external code.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).