@json-render/mcp

Name: json-render/mcp
Author: vercel-labs

View on GitHub↗

Share on X Share on LinkedIn Share on Bluesky

100Critical

The skill allows arbitrary code execution via its

ThreatsCI SM CS BC S HITL

Behavior Analysis

Description verified — behavior matches claim

Claims to do

@json-render/mcp: MCP Apps integration that serves json-render UIs as interactive MCP Apps inside Claude, ChatGPT, Cursor, VS Code, and other MCP-capable clients.

Actually does

This skill provides a Node.js server implementation using `@json-render/mcp` to create an MCP application. It defines a catalog of UI components, registers a `render-ui` tool, and serves an HTML resource by reading `dist/index.html` from the filesystem. Client-side React code uses `useJsonRenderApp` to render UIs received via `postMessage` within an iframe, with client configurations provided to execute the Node.js server via `npx tsx server.ts --stdio`.

Threat Analysis

AI Agent Traps ↗Scanned 5/5/2026

Content InjectionPerceptionclean

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learningclean

Behavioural ControlAction2 findings

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Namevercel-labs/json-render/mcp

Registrygithub

Version14873b8de451

PURLpkg:github/vercel-labs/json-render@14873b8de451?skill=mcp

Stars14,582

Installs573

Source

Repository ↗SKILL.md ↗

SHA-256706ccd32b510...

SHA-1ababd91a0a8e...

MD5f06c53958fec...

TLSH837182515523...

Size3,528 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

GitHub

https://github.com/vercel-labs/json-render

573 installs

Skills.shDocs

npx skills add https://github.com/vercel-labs/json-render

402 installs

Assessments (1)

AI Agent Traps ↗

Arbitrary Command Execution via MCP Server Configcriticalcommand execution

The skill's configuration for MCP clients (Cursor, Claude Desktop) explicitly defines a 'command' field that executes arbitrary shell commands (e.g., 'npx tsx server.ts'). This allows for arbitrary code execution on the host system if the configuration is compromised or maliciously crafted.

100% confidence

command: "npx", args: ["tsx", "server.ts", "--stdio"]

Local File System Read Accesslowdata exfiltration

The server component reads local files (e.g., 'dist/index.html') using 'fs.readFileSync'. While used for legitimate purposes in the example, this capability could be exploited by a compromised server to read sensitive files from the local filesystem.

70% confidenceline 31

html: fs.readFileSync("dist/index.html", "utf-8")

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/github/vercel-labs/json-render/mcp.svg)](https://mondoo.com/ai-agent-security/skills/github/vercel-labs/json-render/mcp)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/github/vercel-labs/json-render/mcp"><img src="https://mondoo.com/ai-agent-security/api/badge/github/vercel-labs/json-render/mcp.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/github/vercel-labs/json-render/mcp.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow