copilot-mcp

Guides for using ai agents skills like copilot-mcp.

• Caveman: Cut Claude Token Use by 65%

  How agent-side prompt compression works, when to use it, and when not to.
• What is an AI Skills Marketplace?

  Definitions, how marketplaces work, and how to choose between them in 2026.
• Getting Started with AI Skills

Last scanned: 5/16/2026

{
  "issues": [
    {
      "type": "npm-audit",
      "message": "@protobufjs/utf8: protobufjs has overlong UTF-8 decoding",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "@vscode/test-cli: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "ajv: ajv has ReDoS when using `$data` option",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "axios: Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "brace-expansion: brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "diff: jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch",
      "severity": "low"
    },
    {
      "type": "npm-audit",
      "message": "fast-uri: fast-uri vulnerable to path traversal via percent-encoded dot segments",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "flatted: flatted vulnerable to unbounded recursion DoS in parse() revive phase",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "follow-redirects: follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "lodash: lodash vulnerable to Code Injection via `_.template` imports key names",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "minimatch: minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "mocha: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "picomatch: Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "protobufjs: Arbitrary code execution in protobufjs",
      "severity": "critical"
    },
    {
      "type": "npm-audit",
      "message": "serialize-javascript: Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "simple-git: simple-git Affected by Command Execution via Option-Parsing Bypass",
      "severity": "critical"
    },
    {
      "type": "npm-audit",
      "message": "underscore: Underscore has unlimited recursion in _.flatten and _.isEqual, potential for DoS attack",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "undici: Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
      "severity": "high"
    }
  ],
  "status": "FAILED",
  "scannedAt": "2026-05-16T06:23:26.964Z",
  "semgrepRan": false,
  "npmAuditRan": true,
  "pipAuditRan": true
}