secure-mcp-install
✓This skill should be used when the user asks to install or audit an MCP server, especially from third-party sources. Security-focused: clones at pinned commits, runs security scans.
Installation
SKILL.md
This skill provides a security-focused workflow for installing MCP servers from third-party sources. It implements a "trust but verify" approach: clone the repository at a specific commit, run automated security scans, perform manual review of critical areas, then install with updates disabled.
Review the output. Any HIGH severity findings require manual investigation before proceeding.
If approved, install the MCP server at the audited commit.
This skill should be used when the user asks to install or audit an MCP server, especially from third-party sources. Security-focused: clones at pinned commits, runs security scans. Source: hartreeworks/skill--secure-mcp-install.
Facts (cite-ready)
Stable fields and commands for AI/search citations.
- Install command
npx skills add https://github.com/hartreeworks/skill--secure-mcp-install --skill secure-mcp-install- Category
- !Security
- Verified
- ✓
- First Seen
- 2026-02-17
- Updated
- 2026-02-18
Quick answers
What is secure-mcp-install?
This skill should be used when the user asks to install or audit an MCP server, especially from third-party sources. Security-focused: clones at pinned commits, runs security scans. Source: hartreeworks/skill--secure-mcp-install.
How do I install secure-mcp-install?
Open your terminal or command line tool (Terminal, iTerm, Windows Terminal, etc.) Copy and run this command: npx skills add https://github.com/hartreeworks/skill--secure-mcp-install --skill secure-mcp-install Once installed, the skill will be automatically configured in your AI coding environment and ready to use in Claude Code or Cursor
Where is the source repository?
https://github.com/hartreeworks/skill--secure-mcp-install
Details
- Category
- !Security
- Source
- skills.sh
- First Seen
- 2026-02-17