build-mcp-use-server
Fail
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The documentation for Supabase deployment in
references/25-deploy/platforms/02-supabase.mdinstructs users to execute a remote script directly viacurl -fsSL https://url.mcp-use.com/supabase | bash. This execution pattern is a high-risk vector for supply chain attacks. - [EXTERNAL_DOWNLOADS]: The skill references and downloads configuration from external sources, including
cloud.langfuse.comandurl.mcp-use.com. Automated scanners flagged a placeholder URLhttps://langfuse.your-domain.cominreferences/23-debug/02-observability-langfuse.mddue to its reputation as a domain often used in phishing or suspicious examples. - [COMMAND_EXECUTION]: The skill provides scripts and instructions that perform significant filesystem modifications and execute shell commands to scaffold and audit MCP servers. Examples include
scripts/scaffold-mcp-use-server.shandscripts/audit-server-readiness.sh.
Recommendations
- CRITICAL: 1 infected file(s) detected - DO NOT USE
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata