Scan Report
5 /100
mcp-to-skill
Converts any MCP server into a standalone skill package with zero runtime dependencies (no MCP process required).
The mcp-to-skill skill is a legitimate MCP-to-skill converter with fully declared capabilities, no hidden functionality, and no indicators of malicious behavior.
Safe to install
This skill is safe to use. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | WRITE | WRITE | ✓ Aligned | SKILL.md: writes /tmp/mcp-schema-input.json, /tmp/mcp-inspector-output.json, and… |
| Network | READ | READ | ✓ Aligned | mcp_inspector.py: connects to MCP servers via stdio_client; SKILL.md declares ne… |
| Shell | WRITE | WRITE | ✓ Aligned | SKILL.md: pip install, python mcp_inspector.py, npm pack, tar; mcp_inspector.py:… |
File Tree
2 files · 12.8 KB · 378 lines Markdown 1f · 200L
Python 1f · 178L
├─
mcp_inspector.py
Python
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
mcp | * | pip | No | Version not pinned; installed on demand via 'pip show mcp' check |
Security Positives
✓ All shell operations are explicitly declared in SKILL.md (pip install, python script, npm pack, tar, ln -sf)
✓ No obfuscation: all code is plain Python, no base64, no eval, no hidden strings
✓ No credential theft: no access to ~/.ssh, ~/.aws, .env, or environment variable iteration for secrets
✓ No data exfiltration: no outbound network calls to external IPs, only local MCP stdio communication
✓ Source code fetching (npm pack/tar) is scoped to /tmp/mcp-to-skill-cache/ with a safe name derived from the package name
✓ No remote script execution: no curl|bash or wget|sh patterns
✓ Tool schema JSON parsing is read-only — no execution of MCP tool business logic
✓ Dependency (mcp Python SDK) is declared and reasonable for the use case
✓ Generated skill package separation (config.json vs secrets.json) demonstrates good security hygiene