auditing-mcp-server-pre-trust

Community

Audit MCP servers before you trust them

Authorrocklambros
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill prevents risky MCP servers from being added to Claude Code by forcing a disciplined pre-trust review before installation or registration.

Core Features & Use Cases

  • License verification: Checks whether the repository has a permissive, explicit license suitable for redistribution and use.
  • Source and supply-chain review: Evaluates commit history, contributor patterns, suspicious code, and other red flags that can indicate compromise or hidden behavior.
  • Network and secret safety: Identifies outbound connections, telemetry, version-pin issues, and unsafe secret handling before the MCP is trusted.
  • Least-privilege tool review: Reviews the tool surface exposed by the MCP and flags oversized or destructive permissions.
  • Use Case: A security engineer asks whether a community GitHub MCP should be added to a Claude Code workspace and needs a clear integrate, constrain, or reject decision.

Quick Start

Ask me to audit the MCP server you want to add and return the per-check verdicts, blocking issues, and final recommendation.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: auditing-mcp-server-pre-trust
Download link: https://github.com/rocklambros/rcs/archive/main.zip#auditing-mcp-server-pre-trust

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.