Rename mcp-security-baseline -> mcp-implementation-security-review and sharpen description (#2257)

Renames the skill so its name makes the source-code-review scope explicit and
distinct from the existing config-focused `mcp-security-audit` skill (the
duplicate-detection check flagged the shared `mcp-security-` prefix; it is
advisory only). Also sharpens the description's first line to lead with
"implementation source code of MCP servers, clients, and tool handlers".

- Rename folder skills/mcp-security-baseline -> skills/mcp-implementation-security-review
- Update name field and H1 heading to match
- Regenerate docs/README.skills.md

Co-authored-by: Swetha Kumar <16600902+Swethakumar1@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This commit is contained in:
Swetha Kumar
2026-07-09 14:43:32 -07:00
committed by GitHub
parent 44ffa65c50
commit d203b6ee69
2 changed files with 4 additions and 4 deletions
@@ -1,7 +1,7 @@
---
name: mcp-security-baseline
name: mcp-implementation-security-review
description: |
Review MCP (Model Context Protocol) server and client source code against a security baseline — authentication, sessions, rate limiting, input-schema validation, official-SDK usage, RCE vectors, and the OWASP MCP Top 10 — producing a report with file/line evidence. Use this skill when:
Review the implementation source code of MCP (Model Context Protocol) servers, clients, and tool handlers against a security baseline — authentication, sessions, rate limiting, input-schema validation, official-SDK usage, RCE vectors, and the OWASP MCP Top 10 — producing a report with file/line evidence. Use this skill when:
- Reviewing an MCP server implementation for security before release
- Checking a server against the baseline controls (MCP-01 to MCP-05) and the OWASP MCP Top 10
- Auditing tools for RCE vectors (command/code injection, unsafe deserialization, path traversal, SSTI, dependency hijacking, SSRF)
@@ -10,7 +10,7 @@ description: |
- Requests like "review this MCP server for security" or "is my MCP server implementation secure?"
---
# MCP Security Baseline Review
# MCP Implementation Security Review
## Process