Jarvis MCP Filesystem
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may be able to read and summarize files located in the configured workspace.
The skill exposes filesystem tools that can read file contents, list directories, search files, and inspect metadata. This matches the stated purpose and is shown as scoped to a workspace, but users should notice the agent can inspect workspace files.
Через `mcporter call --stdio "mcp-server-filesystem <root>" <tool> <args>` ... `read_file`, `list_directory`, `search_files`, `get_file_info`
Use this only with a workspace directory you are comfortable exposing to the agent, and verify that the MCP server root remains limited to the intended folder.
Installing the dependency will run and trust code from the npm package selected at install time.
The setup instruction installs a global npm package without a pinned version. This is purpose-aligned for an MCP filesystem skill, but the package contents and exact version are outside the provided artifacts.
npm install -g mcp-server-filesystem
Install from a trusted npm source, consider pinning or verifying the package version, and review the package provenance if using it in a sensitive environment.