Full Potential Intelligence
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill coherently connects your agent to a disclosed remote MCP intelligence service, with the main cautions being trust in the remote service, the npm connector, and optional API-key or credit-spending tools.
This appears to be a coherent, instruction-only remote MCP skill. Before installing, make sure you trust fullpotential.ai and the mcp-remote connector, avoid sending sensitive information in queries or field reports, and require confirmation before any tool that registers an agent, submits reports, or spends credits.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill means trusting the mcp-remote package and the fullpotential.ai MCP service to provide the listed tools safely.
The skill relies on an external npm-executed MCP bridge and a remote MCP endpoint. This is disclosed and central to the skill, but the artifacts do not pin or audit the external package or remote service.
"command": "npx", "args": ["-y", "mcp-remote", "https://fullpotential.ai/mcp", "--transport", "sse-only"]
Only install if you trust the provider and connector; where possible, pin or review the MCP bridge package and monitor changes to the remote service.
If enabled, an agent could submit field reports or spend service credits when using the metered tools.
The skill exposes write actions and metered tools that can submit information or consume credits. These actions are disclosed and purpose-related, but should be user-approved.
**Write (free, needs API key):** ... `contribute_intelligence` — Submit field reports ... **Metered (costs credits):** `frontier_scan` ... `build_assessment` ...
Require explicit approval before using write or metered tools, and review what will be submitted or how many credits will be spent.
An API key could authorize service actions such as contributions or credit use.
The skill can create or use an API key for its service. This credential need is disclosed in the tool list, though it is not declared as a registry credential requirement.
`register_agent` — Self-register, get API key instantly
Treat the API key as a credential, store it securely, and revoke or rotate it if you stop using the service.
Information you include in MCP requests or field reports may be visible to the remote service.
The skill connects the user's agent to a remote MCP provider, so prompts, tool calls, and submitted field reports may be sent to that service. This is expected for the stated remote intelligence purpose.
Real-time AI frontier intelligence network via MCP ... "https://fullpotential.ai/mcp"
Avoid sending confidential or sensitive information unless you trust the provider and its data handling practices.