MCP Engineering
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: afrexai-mcp-engineering
Version: 1.0.0
The skill bundle provides a comprehensive guide for building, integrating, securing, and scaling Model Context Protocol (MCP) servers. Both SKILL.md and README.md are educational in nature, offering detailed instructions, code templates, and best practices. Crucially, the SKILL.md explicitly identifies and warns against 'Dangerous Tool Patterns' such as SQL injection, shell command execution, SSRF, and arbitrary file writes, providing 'Safe Alternatives' and a thorough 'Security Checklist'. There is no evidence of prompt injection against the agent, data exfiltration, unauthorized execution, or any other malicious intent. The content is entirely aligned with its stated purpose of secure MCP engineering.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If users build MCP tools with broad write access, an agent could accidentally modify external services or local resources.
The skill teaches how to expose external services through MCP tools that agents can call. This is central to the stated purpose, but tool definitions can become risky if implemented too broadly.
Agent (Client) ←→ MCP Transport ←→ MCP Server ←→ External Service ... (API, DB, file system)
Keep tools granular, prefer read-only or idempotent actions where possible, and require explicit user approval for destructive or account-changing operations.
Poorly scoped API keys or OAuth tokens could give an MCP server more account access than intended.
The guide includes API key and OAuth authentication patterns for MCP servers. This is expected for integrating external services, but credentials must be scoped and protected.
auth_required: true | false
auth_method: "api_key | oauth2 | none"
Use least-privilege credentials, avoid hardcoding secrets, document required scopes, and separate development credentials from production credentials.
A remotely exposed MCP server could leak data or accept unintended tool calls if authentication and client boundaries are weak.
The skill discusses MCP transports for production and multi-agent scenarios. Remote or multi-client MCP communication is purpose-aligned but needs clear authentication, origin, and permission boundaries.
Move to HTTP for production or multi-agent.
Use authenticated transports, restrict allowed clients, validate inputs, log tool calls, and avoid exposing sensitive resources over unauthenticated endpoints.
Users are relying on guidance from a source that is not linked to a verifiable upstream project.
The package has limited provenance metadata, though it does not include executable code or install steps.
Source: unknown
Homepage: none
No install spec — this is an instruction-only skill.
Cross-check important production and security guidance against official MCP documentation and trusted framework references.
