Security risk report for @forgecat/anthropics_skills_mcp-builder v0.0.4
Source Integrity
Low
Profile is attributed to Anthropic (author field) with reference to official GitHub repository (https://github.com/anthropics/skills) and commit hash (5128e18), indicating legitimate upstream source.
Static scanner marked safe; content is educational guidance for MCP server development, not a malicious payload or supply-chain attack vector.
Agent Intent
Low
Content is educational documentation teaching MCP server development best practices (naming, tool design, error handling, security patterns) with no instructions to manipulate the AI, exfiltrate data, or bypass security controls.
References to external URLs (modelcontextprotocol.io, GitHub SDKs) are for legitimate documentation fetching, not malicious exfiltration or remote payload execution.
Security guidance (input validation, authentication, DNS rebinding protection) reinforces defensive practices rather than weakening them.
Details
Evidence
Phase 1.2: 'Start with the sitemap to find relevant pages: https://modelcontextprotocol.io/sitemap.xml' — legitimate documentation reference.
mcp_best_practices.md: 'Store API keys in environment variables, never in code' and 'Validate access tokens before processing requests' — standard security hardening.
node_mcp_server.md: 'Use Zod schemas for runtime input validation and type safety' — defensive input handling guidance.
Permissions
Low
Profile declares no tools, hooks, or MCP servers with executable permissions; it is pure educational markdown documentation.
Content teaches best practices for tool design (readOnlyHint, destructiveHint annotations) but does not itself request or exercise any dangerous capabilities.
Details
Evidence
Profile metadata: 'Dependencies: None' — no external tool dependencies.
No tool definitions, file_write, shell, or subagent declarations in the skill content.
mcp_best_practices.md documents tool annotations as 'hints, not security guarantees' — reinforces principle of least privilege.
MCP Risk
Low
No MCP servers are defined or embedded in this profile; it is a guide for building MCP servers, not a server itself.
Content provides secure MCP design patterns (input validation, error handling, authentication) without hidden instructions or dangerous configurations.
Details
Evidence
Profile metadata: 'MCP servers: (none)' — no server definitions present.
mcp_best_practices.md: 'Sanitize file paths to prevent directory traversal', 'Validate URLs and external identifiers' — defensive design guidance.