Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Sefaria MCP Server

v1.0.0

Access Jewish texts, commentaries, and daily study materials from Torah, Talmud, and more via the Sefaria MCP server.

by Abraham Perl (@abeperl)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, description, and listed tools align with a Sefaria MCP server adapter; asking the agent to run the sefaria-mcp-server package is coherent with the stated purpose. However, the skill metadata did not declare required binaries (npm/npx), which is an omission and reduces transparency.
! Instruction Scope
SKILL.md instructs running 'npm install -g' or 'npx sefaria-mcp-server' and adding an MCP config that runs npx. Those instructions will download and execute third-party code at runtime — the instructions do not provide any safety guidance (no pinned version, no verification, no instructions to inspect code) and the manifest gives no indication that the agent will invoke package managers.
! Install Mechanism
There is no install spec in the manifest, but runtime instructions rely on npm/npx to fetch a package from the public npm registry. Installing/executing an npm package (via npx or global install) is a moderate-to-high risk action because packages can contain install or postinstall scripts and arbitrary code; mitigating details (source verification, pinned versions) are absent though a GitHub repo and npm link are provided.
Credentials
The skill does not request environment variables, credentials, or config paths beyond instructing to modify the MCP config (which is appropriate). There are no unexplained secrets or unrelated credential requests.
Persistence & Privilege
always is false and model invocation is allowed (platform default). The skill asks to add an MCP server entry to the agent's MCP config — this is expected behavior for an adapter and does not appear to modify unrelated skills or system-wide settings.
What to consider before installing
This skill appears to be a legitimate Sefaria MCP adapter, but it depends on downloading and running code from npm at runtime while the manifest fails to declare npm/npx as required. Before installing or allowing the agent to run it:

  • Inspect the npm package and GitHub repository (abeperl/sefaria-mcp-server). Verify the source, recent activity, maintainer identity, and issues/PRs.
  • Prefer a pinned package version rather than unpinned 'npx sefaria-mcp-server' to avoid surprise updates.
  • Review package.json and any install/postinstall scripts; run 'npm pack' and inspect the tarball before executing.
  • Avoid global installs; run in an isolated environment or container if possible.
  • If you cannot review the package, treat npx usage as running arbitrary code and exercise caution (do not run with elevated privileges or on sensitive hosts).

If you want this skill but are uncomfortable running unpinned npm packages, ask the publisher for a signed release, a pinned version, or instructions for a self-hosted adapter built from the published GitHub source. If you need more certainty, provide the package's npm page or repository contents and I can help inspect them.

Like a lobster shell, security has layers — review code before you run it.

latest vk97a84p8539t3rvjms049ev0w1831z0p

SKILL.md

Sefaria MCP Server

Access Jewish texts (Torah, Talmud, Mishnah, Midrash, Commentaries) via MCP.

Installation

npm install -g sefaria-mcp-server

Or run directly:

npx sefaria-mcp-server

Configuration

Add to your MCP config:

{
  "mcpServers": {
    "sefaria": {
      "command": "npx",
      "args": ["-y", "sefaria-mcp-server"]
    }
  }
}

Tools

Tool            Description
get_text        Get text by reference (Genesis 1:1, Berakhot 2a, etc.)
search          Full-text search across all texts
get_links       Get commentaries and cross-references
get_parsha      Get this week's Torah portion
get_calendars   Daily learning (Daf Yomi, Rambam, etc.)
get_book_info   Book metadata and structure
get_related     Related topics and source sheets

Examples

  • "What does Genesis 1:1 say? Show me the Hebrew and commentaries."
  • "Search for texts about loving your neighbor"
  • "What's this week's parsha?"
  • "What's today's Daf Yomi?"

Credits
