Is Gk MCP server safe?
@gitkraken/gk is an AI npm package analyzed by SkillTotal's deterministic static scanner. The scan found no malicious indicators, though it reports 4 risky constructs for review. The package is capable of filesystem read, filesystem write, install-time execution and shell execution; capabilities are what the code can do, not a verdict on intent. Risk score: 0/100 (low).
@gitkraken/gk 3.1.68
- Node.js shell/command execution
- npm install-time lifecycle hook
- Node.js filesystem read
No malicious indicators found by static analysis.
Findings (4)
package.json runs scripts automatically when the package is installed.
"postinstall": "node install.js",
Why it matters: Install scripts are a favorite supply-chain foothold — they execute on every machine that installs the package.
Fix: Inspect the hook command. Install-time scripts are a common supply chain execution vector; ensure they do nothing beyond a documented build step.
The component can run operating-system commands or spawn processes.
import { spawnSync } from "child_process";
let result = spawnSync(path.join(binDir, bin), args, {
Why it matters: Powerful and often legitimate — confirm the commands aren't built from untrusted input.
Fix: Confirm the command and its arguments are fully controlled and not derived from untrusted input; prefer execFile with an argument array.
The component reads files from disk.
fs.readFileSync(new URL("./package.json", import.meta.url), "utf8"),
const zipData = fs.readFileSync(zipPath);
.update(fs.readFileSync(filename))
Why it matters: Usually legitimate, but worth confirming it can't be steered into reading sensitive files.
Fix: Confirm which files are read and that paths cannot be influenced by untrusted input to reach sensitive locations.
The component writes or deletes files on disk.
fs.rmSync(wrappedDir, { recursive: true, force: true });
fs.writeFileSync(file, content);
const writer = fs.createWriteStream(filename);
Why it matters: Usually legitimate, but worth confirming the paths can't be controlled by untrusted input.
Fix: Confirm which files are written/deleted and that paths cannot be influenced by untrusted input.
How we determine this: deterministic static analysis (regex + AST), evidence-anchored, no code execution.