Servidor MCP para gerenciar apps do Nectar Dev Center (functions, settings, bundle, sync) de dentro de uma sessão Claude Code
LPM treats this as warn-only first-party agent extension lifecycle risk. The explicit `install-skills` command mutates the caller's Claude skill directory. Runtime MCP tools can read local app files and make authenticated, user-invoked Dev Center API changes; no covert attack path was established.
`dist/install-skills.js` explicitly copies packaged skills into `./.claude/skills/` when invoked with `install-skills`.
dist/install-skills.jsView on unpkg`dist/index.js` routes this mutation before configuration checks, so it can run without API credentials.
dist/index.jsView on unpkg`dist/tools/push.js`, `bundle.js`, and `writes.js` expose remote app mutation capabilities after explicit MCP tool calls.
dist/tools/push.jsView on unpkg`dist/install-skills.js` explicitly copies packaged skills into `./.claude/skills/` when invoked with `install-skills`.
dist/install-skills.jsView on unpkg`dist/index.js` routes this mutation before configuration checks, so it can run without API credentials.
dist/index.jsView on unpkg`dist/tools/push.js`, `bundle.js`, and `writes.js` expose remote app mutation capabilities after explicit MCP tool calls.
dist/tools/push.jsView on unpkg