Scan Report
0 /100
mcp-oauth
Add OAuth 2.0 PKCE authentication to a remote MCP server
This is a documentation-only skill providing OAuth 2.0 PKCE implementation templates for MCP servers. No executable code, scripts, or dangerous capabilities are present.
Safe to install
No action needed. This skill is safe to use as it only provides code templates and documentation.
2 findings
Medium · External URL · https://your-domain.com · SKILL.md:49
Medium · External URL · https://upstream-service.com/authorize · SKILL.md:176
File Tree
2 files · 12.4 KB · 346 lines
Markdown: 1 file · 331 lines
JSON: 1 file · 15 lines
├─ evals
│  └─ evals.json (JSON)
└─ SKILL.md (Markdown)
Security Positives
✓ Documentation-only skill with no executable code
✓ No shell, filesystem, network, or other sensitive tool access required
✓ Open source skill from known author (lucaperret) with MIT license
✓ Provides production-ready OAuth 2.0 PKCE patterns including proper redirect_uri validation
✓ Implements standard security practices: PKCE, short-lived tokens, secure random generation
✓ Includes proper session expiry (10 min for OAuth flow, 5 min for auth codes)