Security risk report for @forgecat/anthropics_claude-plugins-official_mcp-server-dev v0.0.4
Source Integrity
Low
Profile is sourced from Anthropic's official claude-plugins-official repository (GitHub: anthropics/claude-plugins-official), a trusted first-party source.
Metadata declares Author: Anthropic, Original repository URL, and License: Apache-2.0 — all verifiable and legitimate.
Static scanner assigned safe level; no supply-chain risk detected.
Agent Intent
Low
Content is educational guidance for building MCP servers and interactive UI widgets — it teaches design patterns, deployment models, and best practices without instructing the AI to perform malicious actions.
References to OAuth, token storage, and security hardening are descriptive (e.g., 'MUST NOT request passwords via elicitation') and reinforce security constraints, not bypass them.
No instructions to ignore system prompts, exfiltrate credentials, read sensitive files, install remote payloads, or hide its own instructions; no prompt injection or guidance poisoning detected.
elicitation.md: 'MUST NOT request passwords, API keys, or tokens via elicitation — spec requirement.'
auth.md: 'Token passthrough is explicitly forbidden. Don't accept a token, then forward it upstream.'
remote-http-scaffold.md: 'Secrets from env vars, never hardcoded.'
Permissions
Low
Profile declares no tools or MCP servers — it is pure markdown documentation and skill definitions (SKILL.md files with descriptions and guidance).
No file_write, file_delete, shell, or other high-risk operations requested; the profile teaches users how to build servers, not how to grant excessive authority to them.
Guidance emphasizes principle of least privilege (e.g., 'readOnlyHint: true' for search tools, 'Prefer search_items before get_item').
Details
Evidence
Profile metadata: 'description: Skills for designing and building MCP servers' — no tool declarations.
build-mcp-server/SKILL.md: 'Your first job is discovery, not code' — guides safe design, not unsafe permissions.
remote-http-scaffold.md: 'annotations: { readOnlyHint: true }' on search and get tools.
MCP Risk
Low
Profile declares no MCP servers — it is a collection of skills (markdown instructions) for guiding developers, not a server definition with tool bindings.
Content teaches MCP server design best practices, including security hardening (auth validation, token audience checks, CSP sandbox constraints for widgets).
No hidden instructions in tool descriptions, no arbitrary binary execution, no unrestricted network/filesystem access requested.
Details
Evidence
Profile metadata: 'version: 0.0.4' with no 'mcp_servers' or 'tools' sections.