Dynamics Partner Advisor

PassAudited by ClawScan on May 1, 2026.

Overview

This is a coherent partner-search skill that openly connects to an external MCP service, with only setup and data-sharing considerations to review.

This skill appears safe for its stated purpose. Before installing, review the MCP server URL and npx setup, and avoid sending confidential business requirements, budgets, or vendor-selection information unless you trust the Top Dynamics Partners service.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Low

#ASI04: Agentic Supply Chain Vulnerabilities

What this means

Installing the MCP configuration may cause the agent environment to fetch and run a package from npm to connect to the hosted service.

Why it was flagged

The setup uses npx to run an MCP SSE bridge package without pinning a package version. This is a common, disclosed setup pattern, but users should recognize that setup depends on an external npm package.

Skill content

"command": "npx", "args": ["-y", "@modelcontextprotocol/server-sse", "https://topdynamicspartners.com/api/mcp/sse"]

Recommendation

Use the documented MCP package from a trusted source, consider pinning a known-good version if your client supports it, and review the MCP configuration before adding it.

Low

#ASI07: Insecure Inter-Agent Communication

What this means

Searches and project details used for recommendations may be shared with the Top Dynamics Partners service.

Why it was flagged

The skill relies on a hosted MCP endpoint, so user queries and tool parameters are sent to an external provider. This is disclosed and aligned with the live database purpose.

Skill content

This skill connects to a hosted MCP (Model Context Protocol) server ... SSE Endpoint: `https://topdynamicspartners.com/api/mcp/sse`

Recommendation

Avoid including sensitive internal requirements, budgets, or confidential vendor-selection details unless you trust the external service and its data practices.

Info

#ASI03: Identity and Privilege Abuse

What this means

If an API key is configured, the external service may associate requests with that account and allow higher-volume or richer queries.

Why it was flagged

The skill documents optional API-key access for enhanced features. This credential use is expected for the service and not required for basic access.

Skill content

Authenticated (API Key) ... Full profile + reviews ... Enhanced AI scoring ... Request an API key

Recommendation

Treat any API key as a credential, store it only in your agent’s approved secret mechanism, and remove it if you no longer use the service.