
Security audit

Mcp Builder Anthropic

Security checks across malware telemetry and agentic risk

Overview

This is a coherent MCP server-building guide with optional evaluation scripts, but users should run and copy its examples carefully around credentials, reports, and network exposure.

Install only if you are comfortable using it as a developer guide plus optional executable evaluation harness. Run evaluations against trusted, read-only test MCP servers, use narrowly scoped test tokens, review generated reports for private data, pin dependencies before repeatable use, and harden copied examples before production deployment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The guide explicitly demonstrates using `ctx.elicit(..., input_type="password")` to ask the user for an API key, even though the skill is a general MCP server construction guide rather than a credential-handling or authentication design document. This can normalize insecure collection of secrets by generated tools and may lead builders to prompt end users for credentials directly without storage, scoping, consent, or redaction safeguards.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The HTTP transport example shows how to expose an MCP endpoint over the network without any authentication, authorization, origin restrictions, or warning about internet exposure. If copied into production, this could let unauthorized clients invoke server tools, potentially reaching sensitive APIs or triggering side effects through whatever capabilities the MCP server exposes.
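
The checks a hardened HTTP transport needs, as an added example (not code from the skill, its examples, or the mcp SDK): a Host allow-list, which is what stops a DNS-rebinding page even though its connection arrives from loopback; an Origin allow-list for browser-initiated requests; and a shared bearer token so reachability alone does not grant tool access. It uses the standard library only so it runs offline. The host names, the port 8000 and the token value are assumptions.

```python
"""Allow-list checks for an MCP endpoint exposed over HTTP (added example)."""
from __future__ import annotations

import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class TransportPolicy:
    bind_host: str                    # interface the server should listen on
    allowed_hosts: frozenset[str]     # accepted Host header values (host:port)
    allowed_origins: frozenset[str]   # accepted Origin values on browser requests
    bearer_token: str | None = None   # shared secret; None disables the check


# Hardened form of the usual copied example: loopback only (not 0.0.0.0),
# explicit Host/Origin allow-lists, and a token. The token is a placeholder;
# load it from the environment in real use.
HARDENED_POLICY = TransportPolicy(
    bind_host="127.0.0.1",
    allowed_hosts=frozenset({"127.0.0.1:8000", "localhost:8000"}),
    allowed_origins=frozenset({"http://127.0.0.1:8000", "http://localhost:8000"}),
    bearer_token="replace-me-with-a-random-secret",
)


def _header(headers: dict[str, str], name: str) -> str | None:
    """Case-insensitive header lookup; returns the stripped value or None."""
    for key, value in headers.items():
        if key.lower() == name:
            return value.strip()
    return None


def check_request(headers: dict[str, str], policy: TransportPolicy) -> tuple[bool, str]:
    """Return (accepted, reason) for one inbound request's headers.

    Without these checks every request is accepted. Host is checked on every
    request: a DNS-rebinding page reaches the server through the attacker's
    host name, so a loopback-only allow-list rejects it even though the TCP
    connection is local. Origin is only sent by browsers; when present it
    must be allow-listed, which blocks cross-site calls from an open tab.
    """
    host = _header(headers, "host")
    if host is None or host.lower() not in policy.allowed_hosts:
        return False, f"Host not allowed: {host!r}"

    origin = _header(headers, "origin")
    if origin is not None and origin.lower() not in policy.allowed_origins:
        return False, f"Origin not allowed: {origin!r}"

    if policy.bearer_token is not None:
        presented = _header(headers, "authorization") or ""
        expected = f"Bearer {policy.bearer_token}"
        # constant-time comparison so a wrong token does not leak by timing
        if not hmac.compare_digest(presented.encode(), expected.encode()):
            return False, "missing or wrong bearer token"

    return True, "accepted"


# Constructed request headers for the demonstration.
SAMPLE_REQUESTS = {
    # the intended local MCP client, which knows the token
    "local_client": {"Host": "127.0.0.1:8000",
                     "Authorization": "Bearer replace-me-with-a-random-secret"},
    # a page whose host name was rebound to 127.0.0.1: the IP matches, the Host does not
    "rebinding_page": {"Host": "attacker.example:8000", "Origin": "http://attacker.example"},
    # a cross-site fetch aimed straight at the loopback address from an unrelated tab
    "cross_site_page": {"Host": "127.0.0.1:8000", "Origin": "http://evil.example"},
    # a client on an allowed host that presents no token
    "no_token": {"Host": "localhost:8000"},
}


def run_demo(policy: TransportPolicy = HARDENED_POLICY) -> dict[str, tuple[bool, str]]:
    """Run every constructed request through the policy."""
    return {name: check_request(h, policy) for name, h in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, (ok, why) in run_demo().items():
        print(f"{name:16} {'ACCEPT' if ok else 'REJECT'}  {why}")
```

Only `local_client` is accepted; the other three each fail a different layer. When you wire this into a real server, bind to `bind_host` rather than `0.0.0.0`, and prefer the SDK's own transport-security settings where your mcp version provides them (the DNS-rebinding advisory cited below concerns exactly that default), keeping this style of check as a reviewable fallback.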

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documentation tells readers how to request an API key from a user but provides no privacy, retention, masking, or safe-handling guidance. In a code-generation or implementation guide, this omission increases the chance that developers will build tools that collect secrets interactively and then accidentally log, persist, echo, or over-scope them.

Ssd 3

Medium
Confidence
97% confidence
Finding
The system prompt explicitly instructs the model to include tool inputs and outputs in <summary> tags, and those summaries are then persisted in the evaluation report. If tool calls include secrets, personal data, auth tokens, or sensitive business data, the harness can cause the model to echo that material into logs or saved reports, creating a secondary disclosure channel.
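
The two credential findings above (eliciting an API key from the user with no handling guidance) and this report-persistence finding share one fix: the secret never enters the text that gets summarized. The added example below is not code from the skill, its evaluation harness or the mcp SDK. It loads the key from the environment and wraps it so that printing or logging it yields a mask, then runs a redaction pass over tool inputs and outputs before they are turned into a `<summary>` record. The environment variable name, the regex rules and the sample tool-call text are assumptions.

```python
"""Keep credentials out of evaluation summaries and reports (added example)."""
from __future__ import annotations

import os
import re
from collections.abc import Mapping


class Secret:
    """Holds a credential; str()/repr() show a mask so logs and f-strings never leak it."""

    __slots__ = ("_value",)

    def __init__(self, value: str) -> None:
        self._value = value

    def reveal(self) -> str:            # the only way to get the raw value
        return self._value

    def __repr__(self) -> str:
        return "Secret('****')"

    __str__ = __repr__


def load_api_key(env: Mapping[str, str] = os.environ, name: str = "EXAMPLE_API_KEY") -> Secret:
    """Read the key from the environment instead of asking the user for it."""
    value = env.get(name)
    if not value:
        raise RuntimeError(f"{name} is not set; supply it via the environment, not an interactive prompt")
    return Secret(value)


# Ordered most-specific first; the generic key=value rule runs last and skips
# text that an earlier rule already replaced (the '[' exclusion).
SECRET_PATTERNS: list[tuple[str, re.Pattern[str], str]] = [
    ("anthropic_key", re.compile(r"sk-ant-[A-Za-z0-9_-]{8,}"), "[REDACTED:anthropic_key]"),
    ("bearer", re.compile(r"(?i)bearer\s+[A-Za-z0-9._~+/=-]{8,}"), "[REDACTED:bearer]"),
    ("aws_access_key", re.compile(r"AKIA[0-9A-Z]{16}"), "[REDACTED:aws_access_key]"),
    ("email", re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"), "[REDACTED:email]"),
    ("generic_kv",
     re.compile(r"(?i)\b((?:api[_-]?key|password|token|secret)\s*[:=]\s*['\"]?)([^\s'\"\[]+)"),
     r"\1[REDACTED:generic_kv]"),
]


def redact(text: str) -> tuple[str, dict[str, int]]:
    """Replace recognised secrets; return the scrubbed text and a per-rule hit count."""
    counts: dict[str, int] = {}
    for name, pattern, replacement in SECRET_PATTERNS:
        text, n = pattern.subn(replacement, text)
        counts[name] = n
    return text, counts


def summarize_tool_call(tool: str, args_text: str, output_text: str, max_output: int = 400) -> dict:
    """Build the record that goes into a persisted <summary>: redacted and bounded in size."""
    safe_args, args_counts = redact(args_text)
    safe_out, out_counts = redact(output_text)
    if len(safe_out) > max_output:
        safe_out = safe_out[:max_output] + "...[truncated]"
    redactions = {k: args_counts[k] + out_counts[k] for k in args_counts}
    return {"tool": tool, "input": safe_args, "output": safe_out, "redactions": redactions}


# Constructed sample of what a tool call might carry.
SAMPLE_INPUT = "api_key=sk-ant-api03-abcdefghijklmnop customer=ops@example.com"
SAMPLE_OUTPUT = "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.payload.sig\nuser password: hunter2"

if __name__ == "__main__":
    key = load_api_key({"EXAMPLE_API_KEY": "sk-ant-demo-0123456789"})
    print(f"loaded {key}")            # the mask, not the key
    print(summarize_tool_call("get_customer", SAMPLE_INPUT, SAMPLE_OUTPUT))
```

The redaction counts are worth keeping in the report: a non-zero count on a run is itself a finding, because it means a tool moved a secret through the model's context even though the saved report no longer shows it.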

Unpinned Dependencies

Low
Category
Supply Chain
Content
anthropic>=0.39.0
mcp>=1.1.0
Confidence
96% confidence
Finding
anthropic>=0.39.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
anthropic>=0.39.0
mcp>=1.1.0
Confidence
97% confidence
Finding
mcp>=1.1.0

Known Vulnerable Dependency: anthropic — 2 advisory(ies): CVE-2026-34450 (Claude SDK for Python has Insecure Default File Permissions in Local Filesystem ); CVE-2026-34452 (Claude SDK for Python: Memory Tool Path Validation Race Condition Allows Sandbox)

Low
Category
Supply Chain
Confidence
88% confidence
Finding
anthropic

Known Vulnerable Dependency: mcp — 3 advisory(ies): CVE-2025-53366 (MCP Python SDK vulnerability in the FastMCP Server causes validation error, lead); CVE-2025-66416 (Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection); CVE-2025-53365 (MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to )

High
Category
Supply Chain
Confidence
96% confidence
Finding
mcp
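
A check for the two dependency findings above (the floating `>=` specifiers) and the advisory findings that follow from them, as an added example that is not code from the skill or from any tool it uses. It lints a requirements file for specifiers that float (`>=`, `~=`, or none) and for pinned lines that carry no `--hash`, which is the state the audit found; the two quoted lines are embedded so it runs offline. The pinned sample, its placeholder hashes and the tool names in the usage note are assumptions about how you manage dependencies.

```python
"""Lint a requirements file for floating specifiers and missing hashes (added example)."""
from __future__ import annotations

import re

# The two lines quoted in the findings above.
REQUIREMENTS_FROM_PAGE = """\
anthropic>=0.39.0
mcp>=1.1.0
"""

# Constructed pinned-and-hashed form for comparison; the hash values are placeholders.
REQUIREMENTS_PINNED = """\
anthropic==0.39.0 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000000
mcp==1.1.0 \\
    --hash=sha256:1111111111111111111111111111111111111111111111111111111111111111
"""

_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*(\[[^\]]*\])?")


def _logical_lines(text: str) -> list[str]:
    """Drop comments and blanks, join backslash-continued lines (pip's hash layout)."""
    lines, buf = [], ""
    for raw in text.splitlines():
        stripped = raw.split("#", 1)[0].rstrip()
        if stripped.endswith("\\"):
            buf += stripped[:-1] + " "
            continue
        buf += stripped
        if buf.strip():
            lines.append(buf.strip())
        buf = ""
    return lines


def classify(line: str) -> dict | None:
    """Split one requirement into name, version specifier, kind and hash count."""
    tokens = line.split()
    if not tokens or tokens[0].startswith("-"):      # -e, -r, --index-url and friends
        return None
    m = _NAME.match(tokens[0])
    if m is None:
        return None
    name, spec = m.group(0).split("[")[0], tokens[0][m.end():]
    hashes = sum(1 for t in tokens[1:] if t.startswith("--hash="))
    if spec.startswith("==") and "*" not in spec:
        kind = "pinned"
    elif spec == "":
        kind = "unbounded"
    else:
        kind = "floating"
    return {"name": name, "spec": spec, "kind": kind, "hashes": hashes}


def audit_requirements(text: str) -> list[tuple[str, str]]:
    """Return (package, problem) pairs; an empty list means every line is pinned and hashed."""
    findings = []
    for entry in map(classify, _logical_lines(text)):
        if entry is None:
            continue
        if entry["kind"] != "pinned":
            findings.append((entry["name"],
                             f"{entry['kind']} specifier {entry['spec'] or '(none)'}; pin to an exact version"))
        elif entry["hashes"] == 0:
            findings.append((entry["name"], "pinned but no --hash; add hashes so pip verifies the artifact"))
    return findings


if __name__ == "__main__":
    for text in (REQUIREMENTS_FROM_PAGE, REQUIREMENTS_PINNED):
        print(audit_requirements(text) or "ok: pinned and hashed")
```

Pinning alone does not remove the advisories listed for `anthropic` and `mcp`; it makes the installed versions reproducible so an audit result means something. The usual flow is `pip-compile --generate-hashes` to produce the pinned form from a loose `requirements.in`, then `pip-audit -r requirements.txt` on the result, and repeat after each bump.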

VirusTotal

65/65 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.