Trust Assessment
github-mpc received a trust score of 68/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 3 medium, and 0 low severity. Key findings include "Missing required field: name", "Sensitive environment variable access: $GITHUB_TOKEN" and "Excessive GitHub Token Permissions".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Unpinned Package Version in Setup Instructions.** The setup instructions for the GitHub MCP use 'npx -y @modelcontextprotocol/server-github' without specifying a version. This command will always fetch and execute the latest available version of the package. If a malicious update is published to this package, users following these instructions could unknowingly install and run compromised code, leading to a supply chain attack. Pin the package version in the setup instructions to a known good version (e.g., 'npx -y @modelcontextprotocol/server-github@1.2.3'). Regularly review and update the pinned version to incorporate security fixes and new features, but only after verifying the integrity of the new version. | LLM | SKILL.md:93 |
| MEDIUM | **Missing required field: name.** The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/tsvetelin-kulinski/github-mpc/SKILL.md:1 |
| MEDIUM | **Sensitive environment variable access: $GITHUB_TOKEN.** Access to sensitive environment variable '$GITHUB_TOKEN' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/tsvetelin-kulinski/github-mpc/SKILL.md:126 |
| MEDIUM | **Excessive GitHub Token Permissions.** The skill instructs users to grant the 'repo' scope to their GitHub Personal Access Token. The 'repo' scope provides full read/write access to private repositories, which may be excessive for the stated purpose of 'Repository search, code exploration' and 'get_file_contents'. A more granular scope like 'contents:read' (if available and sufficient for the MCP server) or 'public_repo' combined with 'read:org' might be more appropriate to follow the principle of least privilege. Advise users to use the least privileged GitHub token scopes necessary for the MCP server's functionality. Investigate if 'contents:read' or other more granular scopes are sufficient for the 'user-github' MCP, especially if only read operations are performed. | LLM | SKILL.md:100 |
Full report: https://skillshield.io/report/fd2bce8a7ef07a6f