Oathe Security Badge

Is nftechie/transition-mcp safe?

https://github.com/nftechie/transition-mcp

94 SAFE

This is a legitimate fitness coaching skill that provides API access to the Transition multisport coaching service. The skill contains clean API documentation, legitimate MCP server code, and shows no signs of malicious intent.

Category Scores

Prompt Injection 98/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 95/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (2)

LOW Honeypot file access during installation -10

Monitoring detected access to sensitive honeypot files (.env, SSH keys, AWS credentials) during the git clone installation process. However, this appears to be from normal system processes rather than malicious behavior by the skill itself.

INFO Executable code present -5

The skill contains Go source code for MCP server implementation and bash examples. All code appears legitimate and follows standard patterns for fitness API integration.