N2 Stitch MCP
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill matches its Google Stitch proxy purpose, but it asks users to run an unpinned external npm MCP server with Google credentials and project-editing powers that are not clearly scoped.
Install only if you trust the n2-stitch-mcp npm/GitHub package. Prefer a pinned version, use a least-privilege or test Google/Stitch account, enable tool-call approvals, and avoid sending confidential design prompts or project data unless you are comfortable sharing them with the Stitch service and this MCP server.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A changed or compromised npm package could execute locally with the user's environment and any configured Stitch/Google credentials.
The skill delegates runtime behavior to an npm package fetched/executed by npx, with no version pin and no reviewed runtime code included in the provided artifacts.
"command": "npx", "args": ["-y", "n2-stitch-mcp"]
Verify the npm/GitHub package before use, pin an exact version if possible, and prefer reviewed or locked dependencies for MCP servers with account access.
The MCP server may be able to use the user's Google/Stitch account credentials to access or change resources beyond what the user intended.
The setup asks the user to provide Google Application Default Credentials or an API key, but the artifacts do not specify least-privilege scopes, project boundaries, or credential handling.
gcloud auth application-default login ... export STITCH_API_KEY="your-key"
Use a least-privilege API key or separate test account/project where possible, avoid broad ADC credentials unless necessary, and revoke credentials when finished.
If invoked incorrectly, the agent could create projects or modify existing Stitch screens using the user's account.
The exposed tools include broad read and mutation actions for Stitch projects/screens, but the instructions do not document user-confirmation requirements, allowlists, or safe-use limits.
- **create_project** — Create a Stitch project ...
- **list_projects** — List all projects ...
- **edit_screens** — Edit existing screens
Enable MCP/tool-call approval prompts, restrict use to intended projects, and review generated or edited screens before relying on them.
