MCP Server Creator
PassAudited by ClawScan on May 1, 2026.
Overview
This is a high-level, instruction-only MCP server guide with no code, but users should carefully verify the external CLI/services and tightly scope any tools, credentials, and agent connections they create.
Before using this skill, verify any `mcp-server` CLI or package you install, use least-privilege API keys, keep database and file-system tools narrowly scoped, and restrict which agents can connect to any MCP server you deploy. The provided artifacts do not show hidden code, automatic background behavior, or credential misuse.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A server created from these instructions could let an AI agent reach files, databases, APIs, or commands if the user configures those tools broadly.
The skill is explicitly about creating tool servers that can give agents access to sensitive systems and command execution. This is purpose-aligned, but it is powerful and needs careful scoping.
MCP ... allows AI models to: - Access external tools and services - Interact with databases, APIs, and file systems - Execute code and commands
Expose only the specific tools needed, prefer read-only/database-limited permissions where possible, and require human review for high-impact actions.
Any API keys used with generated MCP servers could grant access to third-party services.
The artifact says credentials may be needed for external service integrations. This is expected for the purpose, and there is no evidence of credential logging, hardcoding, or unrelated use.
- API keys for external services (if needed)
Use service-specific, least-privilege keys, store them in environment variables or a secrets manager, and rotate/revoke them if no longer needed.
If a user installs or runs a similarly named external package, its safety depends on that package's real source and behavior.
The examples depend on an external `mcp-server` CLI, but this instruction-only artifact does not include or pin that CLI.
mcp-server create weather --api open-meteo mcp-server create database --type postgres mcp-server deploy --platform vercel
Verify the package source, maintainer, version, and install instructions before running any `mcp-server` command.
A misconfigured MCP server could expose tool access or data to unintended agents or sessions.
MCP servers connect agents to tools and services. The artifact does not specify authentication, client restrictions, or data-boundary controls.
- Connect to AI agents (Claude, OpenClaw, etc.)
Restrict which clients can connect, authenticate where supported, limit exposed tools, and separate development/test servers from production resources.