Trust Assessment
mcp-integration received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 1 high, 2 medium, and 1 low severity. Key findings include Unpinned npm dependency version, Potential Data Exfiltration via Arbitrary Tool Arguments, Excessive Permissions via Untyped Tool Arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| HIGH | Potential Data Exfiltration via Arbitrary Tool Arguments | The 'mcp' tool's 'call' action allows the AI agent to send arbitrary JSON objects as arguments to external Model Context Protocol (MCP) servers. If the AI agent is prompted by a user to include sensitive or private data within these arguments, this data will be transmitted to the external MCP server. This constitutes a direct vector for data exfiltration to potentially untrusted third-party services. | Implement explicit data sanitization or validation for tool arguments before they are sent to external MCP servers. Consider whitelisting allowed argument fields or types, or provide clear warnings to the AI agent and users about the risks of passing sensitive data to external tools. If possible, implement a mechanism for administrators to define stricter schemas or data policies for specific MCP tools. | LLM | src/index.js:129 |
| MEDIUM | Unpinned npm dependency version | Dependency '@modelcontextprotocol/sdk' is not pinned to an exact version ('^1.25.3'). | Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/lunarpulse/mcp-adapter/package.json |
| MEDIUM | Excessive Permissions via Untyped Tool Arguments | The 'mcp' tool registers a 'call' action with an 'args' parameter defined as a generic 'object' type without a specific schema. This allows the AI agent to pass arbitrary JSON data to any tool on any configured MCP server. While this provides flexibility, it also grants excessive permissions, enabling a malicious or poorly formed prompt to instruct the AI agent to interact with an MCP server in unintended ways, potentially leading to misuse of legitimate tools or interaction with malicious services. | Define more specific JSON schemas for the 'args' parameter where possible, or implement a mechanism for administrators to configure stricter validation rules for tool arguments. This would limit the scope of data that can be passed and reduce the risk of unintended actions or data exposure. | LLM | src/index.js:108 |
| LOW | Unpinned Dependencies in package.json | The 'package.json' file uses caret (^) ranges for dependencies (e.g., '^1.25.3'). While common, this practice means that minor and patch versions can be updated automatically, potentially introducing breaking changes or security vulnerabilities from new versions without explicit review. This increases the supply chain risk compared to fully pinned dependencies. | Pin all dependencies to exact versions (e.g., '1.25.3' instead of '^1.25.3') to ensure deterministic builds and prevent unexpected updates. Use a dependency auditing tool to regularly check for known vulnerabilities in all dependencies. | LLM | package.json:5 |
Full report: https://skillshield.io/report/d46eb8fca57dc306