References external URL — review for indirect prompt injection risk
Vettd coreOWASP LLM03External URL(s) detected in SKILL.md — referenced content can change after audit
Guide for creating high-quality MCP (Model Context Protocol) servers that enable LLMs to interact with external services through well-designed tools. Use when building MCP servers to integrate external APIs or services, whether in Python (FastMCP) or Node/TypeScript (MCP SDK).
This skill includes a SKILL.md descriptor and ships with scripts. Security observation: references external URL.
Vettd Verdict
The overall verdict combines pass, warning, and failure signals across our checks. Click to see how each check is computed.Driven by visible structure and security signals in the submitted skill files.
Link points to the repository’s default branch (current HEAD). Certification reflects the state of the repo on May 1, 2026. Scanned at 5128e186.
security
External URL(s) detected in SKILL.md — referenced content can change after audit
Scanned text content for instruction override, jailbreak framing, credential solicitation, and embedded injection markers
Scanned all files for credentials, private keys, and code-level risks (eval, shell exec, destructive ops)
/ coming soon
/ coming soon
/ coming soon
/ coming soon
best practices
Found code blocks, input/output samples, or an examples section — concrete samples help agents pattern-match effectively
SKILL.md body references files in references/, scripts/, or assets/ — agents can load additional context on demand instead of consuming everything upfront
231 lines (recommended: under 500)
Structured procedures improve reliability for complex tasks
description
Good: description explains when to activate the skill
277/1024 characters used
evals
Add an evals/ directory with test prompts and expected outputs to measure skill quality
scripts
Add argument parsing with --help output so agents know the script's interface
Script documents its interface via --help or argument parsing
Uses JSON/CSV output which is easily parseable by agents
structure
Bundled executable scripts found
Required skill definition file found
Name "mcp-builder" follows spec (lowercase, hyphens, ≤64 chars)