auto-skill-mcp

v1.0.0 suspicious
4.0
Medium Risk

One MCP server that auto-serves skills to agentic coding tools

πŸ€– AI Analysis

Final verdict: SUSPICIOUS

The package shows low individual risks but raises concerns due to the suspicious metadata and rapid commit history, suggesting potential issues with the package's origin or legitimacy.

  • Metadata risk at 7/10 due to recent repository creation and rapid commit history.
  • Shell risk at 5/10, particularly concerning on Windows systems.
Per-check LLM notes
  • Network: No network calls detected, which is low risk.
  • Shell: Execution of shell commands on Windows systems could be used for malicious purposes if not properly justified within the package's functionality.
  • Obfuscation: No obfuscation patterns detected, indicating low risk of malicious obfuscation.
  • Credentials: No credential harvesting patterns detected, indicating low risk of malicious activity related to secret management.
  • Metadata: The repository's recent creation and rapid commit history, along with the maintainer's new account status, raise suspicion.

πŸ“¦ Package Quality Overall: Medium (5.4/10)

✦ High Test Suite 9.0

Test suite present β€” 3 test file(s) found

  • Test runner config found: pyproject.toml
  • 3 test file(s) detected (e.g. test_installer.py)
β—ˆ Medium Documentation 5.0

Some documentation present

  • Detailed PyPI description (3317 chars)
β—‹ Low Contributing Guide 4.0

No contributing guide or governance files found

  • Development Status classifier >= Beta
β—ˆ Medium Type Annotations 7.0

Partial type annotation coverage

  • Type checker (mypy / pyright / pytype) referenced in project
  • 61 type-annotated function signatures detected in source
β—‹ Low Multiple Contributors 2.0

Single-author or unverifiable project

  • 1 unique contributor(s) across 9 commits in RahulRachhoya/auto-skill-mcp
  • Single author with few commits β€” possibly a personal or throwaway project

πŸ”¬ Heuristic Checks

βœ“ Outbound Network Calls

No suspicious network call patterns found

βœ“ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 2.0

Found 1 shell execution pattern(s)

  • .platform == "win32": os.system("") sys.stdout.reconfigure(encoding="utf-8") # type
βœ“ Credential Harvesting

No credential harvesting patterns detected

βœ“ Typosquatting

No typosquatting candidates detected

βœ“ Registered Email Domain

No author email provided

βœ“ Suspicious Page Links

All external links appear legitimate

⚠ Git Repository History score 7.5

Git history flags: Repository created very recently: 3 day(s) ago (2026-06-04T18:08:14Z)

  • Repository created very recently: 3 day(s) ago (2026-06-04T18:08:14Z)
  • Repository has zero stars and zero forks
  • All 9 commits happened within 24 hours
⚠ Maintainer History score 2.0

1 maintainer concern(s) found

  • Author "Rahul Rachhoya" appears to have only 1 package on PyPI (new or inactive account)
βœ“ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

πŸ’‘ AI App Starter Prompt

Use this prompt to build a project with auto-skill-mcp 
Create a versatile code completion tool called 'AutoSkillCraft' using the Python package 'auto-skill-mcp'. This tool will serve as an intelligent assistant for developers, providing real-time code suggestions and enhancing productivity. Here’s a detailed plan on how to build it:

1. **Setup Environment**: Begin by setting up your development environment with Python and installing the 'auto-skill-mcp' package.
2. **Initialize MCP Server**: Use 'auto-skill-mcp' to initialize a server that can automatically manage and serve various coding skills (e.g., language-specific syntax rules, common coding patterns, etc.) to the tool.
3. **Design User Interface**: Develop a simple yet effective user interface where users can input their code snippets and receive suggestions. Consider integrating a command-line interface (CLI) for simplicity.
4. **Implement Skill Integration**: Utilize 'auto-skill-mcp' to dynamically integrate these skills into the tool. Ensure that the tool can understand context and provide relevant suggestions based on the current code snippet.
5. **Enhance with Additional Features**: To make 'AutoSkillCraft' more useful, add features such as error detection, suggestion ranking based on relevance, and support for multiple programming languages.
6. **Testing and Optimization**: Rigorously test the application across different scenarios to ensure reliability and efficiency. Optimize performance and user experience based on feedback.
7. **Documentation and Deployment**: Write comprehensive documentation explaining how to use 'AutoSkillCraft', including setup instructions and examples. Finally, deploy the tool so others can benefit from it too.

This project leverages 'auto-skill-mcp' to streamline the process of building an intelligent code completion tool, making it easier for developers to enhance their coding speed and accuracy.

πŸ’¬ Discussion Feed

Leave a comment

No discussion yet. Be the first to share your thoughts!