Trust Assessment
mcp-builder received a trust score of 49/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 1 critical, 0 high, 3 medium, and 0 low severity. Key findings include Unpinned Python dependency version, Command Injection via Command-Line Arguments in Evaluation Harness.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 16, 2026 (commit ccf6204f). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Command Injection via Command-Line Arguments in Evaluation Harness.** The `evaluation.py` script, which functions as an MCP server evaluation harness, directly accepts `--command` and `--args` command-line arguments. These arguments are passed without any sanitization or validation to `scripts.connections.create_connection` and subsequently to the `mcp.client.stdio.stdio_client` function for subprocess execution. This design allows an attacker to execute arbitrary shell commands on the system running the evaluation harness by crafting malicious command-line arguments. For instance, an argument like `--command 'rm -rf /'` or `--command 'python' --args '-c' 'import os; os.system("evil_script.sh")'` could be used to compromise the host system. While the harness is intended to run untrusted MCP servers, the harness itself should not facilitate arbitrary command execution from its own arguments without robust safeguards. Recommendation: implement strict validation and whitelisting for the `--command` and `--args` arguments in `evaluation.py`; only allow known, safe executables and arguments, or require explicit user confirmation before executing untrusted commands. Alternatively, strongly recommend and provide guidance for running the evaluation harness within an isolated, sandboxed environment (e.g., a Docker container or virtual machine) to mitigate the risk of arbitrary code execution on the host system. The script should also give users clear security warnings about the implications of running untrusted commands. | Static | scripts/evaluation.py:260 |
| MEDIUM | **Unpinned Python dependency version.** Requirement `openai>=1.60.0` is not pinned to an exact version. Pin Python dependencies with `==<exact version>`. | Dependencies | mcp-builder/scripts/requirements.txt:1 |
| MEDIUM | **Unpinned Python dependency version.** Requirement `mcp>=0.1.0` is not pinned to an exact version. Pin Python dependencies with `==<exact version>`. | Dependencies | mcp-builder/scripts/requirements.txt:2 |
| MEDIUM | **Unpinned Python dependency version.** Requirement `mcp>=1.1.0` is not pinned to an exact version. Pin Python dependencies with `==<exact version>`. | Dependencies | mcp-builder/scripts/requirements.txt:3 |