Is 0xlucasliao/bnbchain-mcp safe?
https://github.com/openclaw/skills/tree/main/skills/0xlucasliao/bnbchain-mcp
This skill is a thin Python wrapper around the external 'bnbchain-mcp' MCP server package. The bundled code is clean with no prompt injection, data exfiltration, or malicious behavior detected during installation. The primary security concern is that the skill delegates all execution to an external PyPI package (bnbchain-mcp) that is not bundled or audited here, creating a supply chain trust dependency.
Category Scores
Findings (5)
MEDIUM External unaudited package execution via uv -25 ▶
The mcp-client.py script spawns 'uv run bnbchain-mcp' which downloads and executes an external Python package from PyPI that is not bundled with or audited as part of this skill. The security posture of this skill depends entirely on the trustworthiness of that external package.
LOW Unaudited external MCP server handles all data -15 ▶
All tool call arguments (token symbols, contract addresses, search queries, repo names) are passed to the external bnbchain-mcp server process. While this is expected for MCP functionality, the external server could forward this data anywhere.
LOW Shell command execution pattern in SKILL.md -5 ▶
SKILL.md instructs the agent to run shell commands (python3 scripts/mcp-client.py ...) which requires shell access. This is standard for MCP client skills but expands the agent's attack surface.
INFO Unimplemented list_tools command -5 ▶
The list_tools special case in mcp-client.py is unimplemented (just 'pass'), meaning calling it silently does nothing. This is a quality issue, not a security issue.
INFO Clean install with no suspicious activity -5 ▶
Installation completed via sparse git checkout with no unexpected network connections, process spawning, or filesystem modifications. All observed activity was from standard system processes and oathe monitoring infrastructure.