MCP协议配置

The skill is classified as suspicious primarily due to the use of `curl -LsSf https://astral.sh/uv/install.sh | sh` in `SKILL.md`. While `uv` is a legitimate tool, this `curl | sh` pattern is a high-risk practice that executes arbitrary code from a remote source, presenting a significant vulnerability for remote code execution if the source were compromised. Additionally, the skill's configuration involves handling API keys and mentions other MCP packages like `filesystem-mcp` and `github-mcp`, which imply broad system access capabilities that, if misused or exploited via prompt injection against the AI agent, could lead to unauthorized operations.