Skill Audit Report
ai-skill-audit audit examples/mcp.json --verbose --output html
Source: examples/mcp.json
command_safety
20%
weight 30%
filesystem_scope
100%
weight 25%
secret_hygiene
60%
weight 20%
network_trust
100%
weight 25%
Verdict: warn
Profile: mcp-config
Malice: low
Capability: low
warn: no active security findings; profile=mcp-config
Details & Suggestions
command_safety (20%)
- [risky-server] Shell interpreter allows arbitrary command execution
- [risky-server] Inline code execution flag in args
filesystem_scope (100%)
- No overly broad filesystem access detected
secret_hygiene (60%)
- [risky-server] Secret/token in environment: API_SECRET has hardcoded value
network_trust (100%)
- No network exposure or suspicious URL issues
Some concerns MCP config (2 server(s), 3 finding(s), risk: CRITICAL) (weakest: command_safety)