ClawHub

MCP Engineering

v1.0.0

Build, integrate, debug, and secure MCP servers and clients in any language, enabling AI agents to call external tools via Model Context Protocol.

0· 438·0 current·0 all-time
by@1kalin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (MCP engineering) match the SKILL.md content: templates, architecture guidance, and best-practices for building MCP servers and clients. There are no unrelated environment variables, binaries, or install steps requested that would be disproportionate to the stated purpose.
Instruction Scope
SKILL.md contains design guidance and example server templates (TypeScript/Python) and checklists. It does not instruct the agent to read or exfiltrate unrelated files or environment variables, nor does it direct data to unexpected external endpoints. The examples reference placeholder functions (e.g., fetchItem) and config values but do not include runtime steps that broaden scope beyond building/operationalizing MCP servers.
Install Mechanism
No install specification or code files are included; this is instruction-only, so nothing is downloaded or written to disk by the skill itself. That minimizes install risk.
Credentials
The skill declares no required environment variables, credentials, or config paths. The SKILL.md discusses auth patterns conceptually (api_key, oauth2) which is appropriate for a guide and does not request unrelated secrets.
Persistence & Privilege
always is false and the skill is user-invocable with normal autonomous invocation allowed. There is no indication the skill attempts to modify other skills or request persistent system-level privileges.
Scan Findings in Context
[no_code_to_scan] expected: The regex scanner had nothing to analyze because this is an instruction-only skill (no code files). That's expected for a documentation/guide skill; absence of findings is not proof of safety but is consistent with the package contents.
Assessment
This skill is a documentation and template guide for building MCP servers — it is internally coherent and doesn't request secrets or install code. Before using its templates in production, review and test any generated server code yourself (e.g., replace placeholder functions, add authentication, validate inputs, and secure network endpoints). Do not paste real API keys, database credentials, or production secrets into examples or into code you haven't reviewed. If you plan to follow its deployment advice, ensure you apply your organization’s security controls (TLS, auth, least privilege, logging/monitoring) and audit any third-party packages you add when implementing the templates.

Like a lobster shell, security has layers — review code before you run it.

agentvk9730bme35qd4y2308zjrc0f1h81m2phapivk9730bme35qd4y2308zjrc0f1h81m2phintegrationvk9730bme35qd4y2308zjrc0f1h81m2phlatestvk9730bme35qd4y2308zjrc0f1h81m2phmcpvk9730bme35qd4y2308zjrc0f1h81m2phmodel-context-protocolvk9730bme35qd4y2308zjrc0f1h81m2phservervk9730bme35qd4y2308zjrc0f1h81m2phtoolsvk9730bme35qd4y2308zjrc0f1h81m2ph

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments