Scan Report
15 /100
agent-vitamins
Daily self-improvement for AI agents. Fetches curated briefs from Agent Vitamins with actionable improvements.
A legitimate documentation-only skill that fetches curated AI agent improvement briefs via MCP tools. No code execution, filesystem access, or credential handling. External service reference is clearly disclosed.
Safe to install
Safe to use. The skill is well-documented and requires user approval before any recommended improvements are implemented.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No filesystem access declared or inferred |
| Network | NONE | NONE | — | Network access delegated to MCP server; skill only provides recommendations |
| Shell | NONE | NONE | — | No shell execution in skill |
| Environment | NONE | NONE | — | No environment variable access |
| Skill Invoke | NONE | NONE | — | Skill only makes recommendations, does not invoke other skills |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser automation |
| Database | NONE | NONE | — | No database access |
1 findings
Medium External URL 外部 URL
https://agentvitamins.com SKILL.md:32 File Tree
1 files · 5.1 KB · 138 lines Markdown 1f · 138L
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
mcp-agent-vitamins | not specified | npm (npx) | No | External MCP package; verify integrity before use |
Security Positives
✓ Clear documentation with well-defined behavior and rules
✓ User approval required before implementing any recommendations
✓ No automatic code execution - purely advisory role
✓ No filesystem, shell, or credential access
✓ Transparent about external service dependency (agentvitamins.com)
✓ Honest skipping policy documented - explains why items are skipped