40Medium
The skill's wildcard `allowed-
Behavior Analysis
Description verified — behavior matches claim
Claims to do
MCP Integration for Claude Code Plugins: Model Context Protocol (MCP) enables Claude Code plugins to integrate with external services and APIs by providing structured tool access. Use MCP integration to expose external service capabilities as tools within Claude Code.
Actually does
This skill provides comprehensive documentation and configuration examples for integrating Model Context Protocol (MCP) servers into Claude Code plugins. It details how to configure `stdio` (executing local commands like `npx`), `SSE` (connecting to HTTPS URLs), `HTTP` (connecting to HTTPS URLs with headers), and `WebSocket` (connecting to WSS URLs with headers) server types. It also covers environment variable usage, security best practices, and debugging steps, but does not execute any commands or contact URLs itself.
Skill Info
Nameanthropics/claude-code/mcp-integration
Registrygithub
Version5c18c787f262
PURLpkg:github/anthropics/claude-code@5c18c787f262?skill=mcp-integration
Stars114,388
Installs455,628
Source
SHA-2561cbfb6b1cf98...
SHA-1144d8525277c...
MD5bd191bc9925b...
TLSH8a42b71295a9...
ssdeep384:Pp4ijiFm...
Size12,519 bytes
Install
This skill has been flagged as potentially malicious. Review the findings below before installing.
Assessments (1)
AI Agent Traps ↗Wildcard tool permissions increase attack surfacemediumautonomy abuse, privilege escalation
The 'allowed-tools' configuration supports wildcards, which, despite being warned against, can grant broad permissions. If an attacker can introduce malicious tools to an MCP server, a wildcard permission could allow the agent to use them, leading to unintended actions or privilege escalation.
80% confidenceline 218
allowed-tools: ["mcp__plugin_asana_asana__*"]
Version History (2)
Dependencies (13)
agent-sdk-dev.claude-plugin/marketplace.jsonnot scanned
claude-opus-4-5-migration.claude-plugin/marketplace.jsonnot scanned
code-review.claude-plugin/marketplace.jsonnot scanned
commit-commands.claude-plugin/marketplace.jsonnot scanned
explanatory-output-style.claude-plugin/marketplace.jsonnot scanned
feature-dev.claude-plugin/marketplace.jsonnot scanned
frontend-design.claude-plugin/marketplace.jsonnot scanned
hookify.claude-plugin/marketplace.jsonnot scanned
learning-output-style.claude-plugin/marketplace.jsonnot scanned
plugin-dev.claude-plugin/marketplace.jsonnot scanned
pr-review-toolkit.claude-plugin/marketplace.jsonnot scanned
ralph-wiggum.claude-plugin/marketplace.jsonnot scanned
security-guidance.claude-plugin/marketplace.jsonnot scanned
Badge
Markdown
[](https://mondoo.com/ai-agent-security/skills/github/anthropics/claude-code/mcp-integration)HTML
<a href="https://mondoo.com/ai-agent-security/skills/github/anthropics/claude-code/mcp-integration"><img src="https://mondoo.com/ai-agent-security/api/badge/github/anthropics/claude-code/mcp-integration.svg" alt="Mondoo Skill Check" /></a>Image URL
https://mondoo.com/ai-agent-security/api/badge/github/anthropics/claude-code/mcp-integration.svgSecure your AI agents
Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.
- Continuous scanning of skills across all registries
- Policy enforcement before skills reach your agents
- Integration with your existing security workflow