Trust Assessment
mcp-builder received a trust score of 57/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 0 high, 2 medium, and 0 low severity. Key findings include Unpinned Python dependency version, Arbitrary command execution via user-controlled `stdio` parameters.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary command execution via user-controlled `stdio` parameters.** The `evaluation.py` script allows users to specify an arbitrary command, its arguments, and environment variables via the `--command`, `--args`, and `--env` command-line options when using the `stdio` transport. These parameters are passed directly to a subprocess execution mechanism (`mcp.client.stdio.stdio_client`) on the host system. This enables arbitrary code execution and potential data exfiltration (e.g., by running `bash -c 'printenv'`) on the machine running the evaluation script. Recommendations: (1) **Restrict executable commands**: if `stdio` transport is essential, implement a strict whitelist of allowed commands and their arguments; do not allow arbitrary executables or arguments. (2) **Sanitize environment variables**: only allow a predefined set of safe environment variables, or explicitly filter out sensitive ones; do not allow arbitrary user-defined environment variables. (3) **Isolate the execution environment**: run the MCP server subprocess in a sandboxed environment (e.g., Docker, containerization) with minimal privileges and restricted network/filesystem access to prevent host system compromise. (4) **Consider alternative transports for untrusted servers**: for evaluating untrusted MCP servers, prefer transports like HTTP/SSE where the server runs in a separate, isolated process and communication is over a well-defined protocol, reducing the direct command execution risk. | LLM | scripts/evaluation.py:180 |
| MEDIUM | **Unpinned Python dependency version.** Requirement `anthropic>=0.39.0` is not pinned to an exact version. Pin Python dependencies with `==<exact version>`. | Dependencies | skills/seanphan/mcp-builder/scripts/requirements.txt:1 |
| MEDIUM | **Unpinned Python dependency version.** Requirement `mcp>=1.1.0` is not pinned to an exact version. Pin Python dependencies with `==<exact version>`. | Dependencies | skills/seanphan/mcp-builder/scripts/requirements.txt:2 |
Full report: https://skillshield.io/report/6e33c51b72de4afd