Skill Detail

MCP Server Development Guide

This skill helps you create MCP (Model Context Protocol) servers that let LLMs interact with external services.

GitHub:sickn33/antigravity-awesome-skills mcp-builder
version 4ad661e39df4
static analysis only
no human review yet
Needs Review

Current public label

Needs Review

Because the skill references credentials and makes network calls, it needs review to ensure it handles sensitive information safely.

This label is currently coming from the automated scorecard.

Automated result

Needs Review

Driftloom found the skill references credentials and makes network calls. It also found references to external endpoints.

3 medium, 3 low Final label: needs review.

Human review

No human review has been recorded yet.

The current public label is still relying on automation. A human has not weighed in yet.

What happened

Driftloom completed a static scan. It inspected the skill files, recorded findings, and generated a scorecard.

Runtime evidence

No sandbox runtime result has been recorded yet.

Driftloom currently recommends runtime testing for this version (priority 35).

What did not happen

  • Driftloom did not run this skill in an isolated sandbox yet.
  • This label is not a guarantee that the skill is safe, bug-free, or appropriate for every environment.
  • A good score does not replace human judgment when a skill touches secrets, shell access, or external systems.

Source provenance

Source: Workspace import

Originally ingested from a local workspace copy.

Scorecard

Safety
73
Quality
100
Transparency
64
Operational
92
Maintenance
64

3 medium, 3 low Final label: needs review.

Severity mix: 3 medium, 3 low

What Driftloom checked

  • Read the skill files and metadata to understand what the skill claims to do.
  • Looked for shell commands and risky command patterns, even if none stood out strongly.
  • Looked for external URLs, network calls, and signs the skill reaches outside the machine.
  • Looked for secret, token, password, and credential references.
  • Checked whether the skill structure and references looked internally consistent.

Findings

Secret or credential reference detected
secret.reference · safety
Medium

The source references credentials or secret material in executable or configuration context.

File: scripts/evaluation.py
Evidence: token
Programmatic network client usage detected
network.client_code · transparency
Medium

The source appears to make outbound HTTP calls in code.

File: reference/node_mcp_server.md
Evidence: requests.
Programmatic network client usage detected
network.client_code · transparency
Medium

The source appears to make outbound HTTP calls in code.

File: reference/python_mcp_server.md
Evidence: httpx.
Secret or credential reference detected
secret.reference · safety
Low

The docs mention credentials or secrets. That may be normal, but it still tells you the skill expects sensitive material somewhere in the workflow.

File: reference/evaluation.md
Evidence: API_KEY
Secret or credential reference detected
secret.reference · safety
Low

The docs mention credentials or secrets. That may be normal, but it still tells you the skill expects sensitive material somewhere in the workflow.

File: reference/python_mcp_server.md
Evidence: api_key
Explicit external endpoint reference detected
network.url_reference · transparency
Low

The docs reference an external endpoint or network flow in a context that likely matters to how the skill operates.

File: SKILL.md
Evidence: https://modelcontextprotocol.io/specification/draft.md`
Driftloom is following the boring, correct architecture: Django control plane first, isolated runner later. Miraculously, restraint survives.