Claude Code Agent

What to consider before installing or enabling this skill: - This package is an MCP orchestrator and will (on demand) spawn subprocesses to run MCP servers (examples use `npx -y ...`). That means it can download and execute code from npm at runtime — treat that like running arbitrary code. - The code forwards the entire process environment (process.env) to any spawned server. Do not run this skill in a process that already has sensitive secrets (AWS keys, GitHub tokens, Slack tokens, etc.) in environment variables unless you explicitly trust the child servers and have audited their behavior. - The skill reads and writes mcp_config.json in the current working directory by default and lets you set arbitrary config paths. Ensure those paths are safe and that the agent cannot be tricked into overwriting important system files. - The skill examples include launching filesystem and GitHub servers and calling tools like read_file — these will access local files and remote services if configured. Only configure servers with tokens or access scopes that you trust, and prefer least privilege tokens. - Mitigations: run the skill in an isolated environment (container or dedicated VM), sanitize environment variables before use (or modify createClient to restrict which env vars are forwarded), avoid running with high-privilege credentials in the process environment, and review the exact server packages you will launch with npx (or install them from vetted sources beforehand). Confidence notes: I marked this as suspicious (medium confidence) because the code is coherent with its stated purpose but includes behaviors (full env forwarding + dynamic npx execution + writing configs) that materially increase risk and are not explicitly called out as requiring careful handling in SKILL.md. If you can confirm the package is from a trusted, actively maintained repository and you will only launch vetted server packages with sanitized env/config, the practical risk is reduced.