build-mcp-use-client
Pass
Audited by Gen Agent Trust Hub on May 10, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides diagnostic scripts (check-mcp-use-version.sh, diagnose-client.sh) designed to audit local project configurations and dependencies. These scripts are read-only and serve a legitimate development purpose.
- [SAFE]: The skill includes extensive security documentation, specifically a dedicated guide on anti-patterns that warns against critical risks like hardcoding credentials or using the Node.js VM module for untrusted code.
- [SAFE]: Instructions for dynamic code execution (Code Mode) are accompanied by clear isolation requirements and recommendations for using secure cloud sandboxes (E2B) in production environments.
- [SAFE]: External downloads and network operations involving standard registries (npm) and well-known providers (GitHub, OpenAI, Anthropic, Linear) are used correctly within the context of SDK integration and authentication patterns.
Audit Metadata