Create MCP Servers using Meta-MCP
v1.0.0Use the MCPHero Meta-MCP server inside AI clients (Claude Desktop, Cursor, etc.) to create, deploy, and manage MCP servers through the wizard pipeline. Use t...
⭐ 0· 83·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the instructions: the SKILL.md tells the agent how to register the Meta‑MCP endpoint, run the wizard pipeline, and deploy servers at api.mcphero.app. It does not request unrelated binaries, OS access, or unrelated cloud credentials. Note: the skill explicitly enables publishing servers that can wrap internal APIs and accept secrets (env vars / bearer tokens) — this is consistent with its purpose but raises operational security considerations for users.
Instruction Scope
The runtime instructions are narrowly scoped to using the Meta‑MCP wizard: creating sessions, polling async steps, submitting tool/env var selections, generating auth tokens, and editing your MCP client config (paths for Claude Desktop are specified). The instructions do require supplying env var values and placing Authorization headers into client config (i.e., secrets may be provided to the remote service). The skill does not instruct the agent to read arbitrary local files, system env vars, or exfiltrate data beyond the documented api.mcphero.app endpoint.
Install Mechanism
Instruction-only skill with no install spec and no code files — lowest installation risk. Nothing is downloaded or written by the skill itself.
Credentials
The skill declares no required environment variables or credentials. The wizard flow legitimately asks the user (or agent acting for the user) to submit environment variable values and bearer tokens for the servers it creates; these are proportional to the declared goal of deploying hosted MCP servers. Users should be aware those submitted secrets go to api.mcphero.app and will be stored/used by that service.
Persistence & Privilege
always:false and default autonomous invocation settings; the skill does not request permanent inclusion or modify other skills or system-wide configs. It only suggests edits to the user's MCP client config to register the created server, which is expected for this functionality.
Assessment
This skill appears coherent and does what it says: it helps you create and deploy MCP servers via the remote endpoint at api.mcphero.app. Before using it, verify you trust api.mcphero.app (there's no homepage or source listed), and be cautious about submitting production secrets or internal endpoints. Specifically: (1) confirm the security/privacy/retention policies of mcphero.app; (2) prefer scoped or short‑lived credentials when providing bearer tokens or env vars; (3) test with a staging/internal account before exposing sensitive internal APIs; and (4) review how your MCP client stores Authorization headers (they may be written to disk). If you cannot verify the service operator, treat the skill as potentially privacy‑sensitive even though its behavior is consistent with its stated purpose.Like a lobster shell, security has layers — review code before you run it.
latestvk97bzbb44svanm6mntjp94vvsn83be9q
License
MIT-0
Free to use, modify, and redistribute. No attribution required.