Histórico de Auditoria - mcp-builder

Versão da auditoria 5

Mais recente Baixo Risco

Jan 17, 2026, 06:04 AM

The mcp-builder skill is a documentation and guidance tool for building MCP servers. The 599 static findings are overwhelmingly false positives caused by the scanner flagging documentation content (code examples, security best practices) as executable code. The actual Python scripts (connections.py, evaluation.py) implement legitimate MCP server connections and evaluations without any malicious behavior.

11

Arquivos analisados

4,561

Linhas analisadas

4

achados

claude

Auditado por

Problemas de Baixo Risco (1)

scripts/evaluation.py:327-329

External command execution in evaluation script

The evaluation.py script can execute external commands via stdio transport to spawn MCP server processes. This is legitimate intended functionality for testing MCP servers, controlled by documented arguments.

Fatores de risco

⚡ Contém scripts (2)

scripts/evaluation.py:1-374 scripts/connections.py:1-152

🌐 Acesso à rede (2)

scripts/connections.py:83-109 scripts/evaluation.py:228-230

⚙️ Comandos externos (1)

scripts/evaluation.py:312-318

Versão da auditoria 4

Baixo Risco

Jan 17, 2026, 06:04 AM

The mcp-builder skill is a documentation and guidance tool for building MCP servers. The 599 static findings are overwhelmingly false positives caused by the scanner flagging documentation content (code examples, security best practices) as executable code. The actual Python scripts (connections.py, evaluation.py) implement legitimate MCP server connections and evaluations without any malicious behavior.

11

Arquivos analisados

4,561

Linhas analisadas

4

achados

claude

Auditado por

Problemas de Baixo Risco (1)

scripts/evaluation.py:327-329

External command execution in evaluation script

The evaluation.py script can execute external commands via stdio transport to spawn MCP server processes. This is legitimate intended functionality for testing MCP servers, controlled by documented arguments.

Fatores de risco

⚡ Contém scripts (2)

scripts/evaluation.py:1-374 scripts/connections.py:1-152

🌐 Acesso à rede (2)

scripts/connections.py:83-109 scripts/evaluation.py:228-230

⚙️ Comandos externos (1)

scripts/evaluation.py:312-318

Versão da auditoria 3

Baixo Risco

Jan 10, 2026, 01:36 PM

The mcp-builder skill is a documentation and guidance tool for building MCP servers. It contains educational content, reference materials, and evaluation scripts. The Python scripts handle MCP server connections and evaluations but do not execute arbitrary code or make unauthorized network calls. All functionality is legitimate and aligned with the stated purpose.

8

Arquivos analisados

1,124

Linhas analisadas

4

achados

claude

Auditado por

Problemas de Baixo Risco (1)

scripts/evaluation.py:327-329

External command execution in evaluation script

The evaluation.py script can execute external commands via the stdio transport mode. This is used to spawn MCP server processes for testing, which is legitimate functionality but could be misused if arbitrary commands are provided.

Fatores de risco

⚡ Contém scripts (2)

scripts/evaluation.py:1-374 scripts/connections.py:1-152

🌐 Acesso à rede (2)

scripts/connections.py:83-109 scripts/evaluation.py:228-230

⚙️ Comandos externos (1)

scripts/evaluation.py:312-318

Versão da auditoria 2

Baixo Risco

Jan 10, 2026, 01:36 PM

The mcp-builder skill is a documentation and guidance tool for building MCP servers. It contains educational content, reference materials, and evaluation scripts. The Python scripts handle MCP server connections and evaluations but do not execute arbitrary code or make unauthorized network calls. All functionality is legitimate and aligned with the stated purpose.

8

Arquivos analisados

1,124

Linhas analisadas

4

achados

claude

Auditado por

Problemas de Baixo Risco (1)

scripts/evaluation.py:327-329

External command execution in evaluation script

The evaluation.py script can execute external commands via the stdio transport mode. This is used to spawn MCP server processes for testing, which is legitimate functionality but could be misused if arbitrary commands are provided.

Fatores de risco

⚡ Contém scripts (2)

scripts/evaluation.py:1-374 scripts/connections.py:1-152

🌐 Acesso à rede (2)

scripts/connections.py:83-109 scripts/evaluation.py:228-230

⚙️ Comandos externos (1)

scripts/evaluation.py:312-318

Versão da auditoria 1

Baixo Risco

Jan 10, 2026, 01:36 PM

The mcp-builder skill is a documentation and guidance tool for building MCP servers. It contains educational content, reference materials, and evaluation scripts. The Python scripts handle MCP server connections and evaluations but do not execute arbitrary code or make unauthorized network calls. All functionality is legitimate and aligned with the stated purpose.

8

Arquivos analisados

1,124

Linhas analisadas

4

achados

claude

Auditado por

Problemas de Baixo Risco (1)

scripts/evaluation.py:327-329

External command execution in evaluation script

The evaluation.py script can execute external commands via the stdio transport mode. This is used to spawn MCP server processes for testing, which is legitimate functionality but could be misused if arbitrary commands are provided.

Fatores de risco

⚡ Contém scripts (2)

scripts/evaluation.py:1-374 scripts/connections.py:1-152

🌐 Acesso à rede (2)

scripts/connections.py:83-109 scripts/evaluation.py:228-230

⚙️ Comandos externos (1)

scripts/evaluation.py:312-318