ClawHub

mcp-builder

v1.0.0

Guide for creating high-quality MCP (Model Context Protocol) servers that enable LLMs to interact with external services through well-designed tools. Use when building MCP servers to integrate external APIs or services, whether in Python (FastMCP) or Node/TypeScript (MCP SDK).

1· 2k·14 current·14 all-time
byVeera@veeramanikandanr48
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md is a design-and-implementation guide for MCP servers and does not request binaries, env vars, or other credentials — that matches the declared metadata. However, the guide repeatedly refers to local reference files (./reference/*.md and LICENSE.txt) that are not included in the package, which is an inconsistency between the instructions and the provided files.
Instruction Scope
Instructions ask the agent to use WebFetch and web search to load external URLs (MCP spec and SDK READMEs) — this is reasonable for a development guide, but it means the agent will retrieve remote content. The SKILL.md also instructs the agent to load several local reference files which are missing from the skill bundle; that gap could cause unexpected behavior or lead the agent to search elsewhere for those documents.
Install Mechanism
There is no install specification and no code files; this is instruction-only, which minimizes on-disk installation risk.
Credentials
The skill declares no required environment variables or credentials and the instructions do not request secrets. This is proportionate for a documentation/guide skill.
Persistence & Privilege
The skill does not request always-on presence (always: false) and does not attempt to modify system or other-skills configuration. Autonomous invocation is allowed by default but not combined with other high-risk properties.
What to consider before installing
This appears to be a legitimate MCP server development guide, but take these cautions before installing or letting an agent use it: - Verify remote URLs: the SKILL.md instructs the agent to fetch resources from modelcontextprotocol.io and raw.githubusercontent.com. Confirm those domains and the specific files are official and safe to fetch. Prefer well-known release pages or repository tags when possible. - Missing local files: the guide references ./reference/*.md and LICENSE.txt, but the skill package contains only SKILL.md. Decide whether those local docs should be present; absent files may cause the agent to search the web or behave unpredictably. - Limit web access when testing: because the guide relies on WebFetch/web search, run it in a controlled environment or sandbox first to observe what external content is retrieved. - Do not provide credentials: the guide asks you to study API docs exhaustively but does not require credentials. Never paste API keys or secrets into prompts or fetched documents unless you explicitly trust and control the endpoint. - Review fetched content before allowing agent-driven automation: fetched raw files (especially raw GitHub content) are arbitrary text and could include instructions or links you do not want executed. If you want a safer install, ask the skill author to include the referenced reference/*.md files and LICENSE.txt in the package or to replace remote URLs with canonical, versioned release links.

Like a lobster shell, security has layers — review code before you run it.

latestvk971avdyabse2x8mz4vfa8b0kh808ts9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments