build-mcp-use-apps-widgets

Warn

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill's primary instructions and reference guides direct the agent to execute a variety of shell commands on the host system to initialize and build projects. These include scaffolding apps with npx create-mcp-use-app, installing dependencies with npm install, and running development servers with mcp-use dev and npx mcp-use dev.
  • [REMOTE_CODE_EXECUTION]: The deployment documentation in references/patterns/deployment.md provides a deployment recipe that includes piping a remote script directly to the shell: curl -fsSL https://url.mcp-use.com/supabase | bash. While this is part of the framework's documented deployment flow, the pattern executes remote code without prior integrity verification.
  • [EXTERNAL_DOWNLOADS]: The framework relies extensively on downloading packages from the npm registry and other external sources during the application scaffolding, build, and deployment processes.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 5, 2026, 12:30 AM