MCP Server Creator
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: mcp-server Version: 1.0.0 The skill bundle contains only metadata and documentation (SKILL.md) describing how to create and deploy Model Context Protocol (MCP) servers. There is no executable code, and the instructions are consistent with the stated purpose of building AI tool integrations without any indicators of malicious intent or prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A server created from these instructions could let an AI agent reach files, databases, APIs, or commands if the user configures those tools broadly.
The skill is explicitly about creating tool servers that can give agents access to sensitive systems and command execution. This is purpose-aligned, but it is powerful and needs careful scoping.
MCP ... allows AI models to: - Access external tools and services - Interact with databases, APIs, and file systems - Execute code and commands
Expose only the specific tools needed, prefer read-only/database-limited permissions where possible, and require human review for high-impact actions.
Any API keys used with generated MCP servers could grant access to third-party services.
The artifact says credentials may be needed for external service integrations. This is expected for the purpose, and there is no evidence of credential logging, hardcoding, or unrelated use.
- API keys for external services (if needed)
Use service-specific, least-privilege keys, store them in environment variables or a secrets manager, and rotate/revoke them if no longer needed.
If a user installs or runs a similarly named external package, its safety depends on that package's real source and behavior.
The examples depend on an external `mcp-server` CLI, but this instruction-only artifact does not include or pin that CLI.
mcp-server create weather --api open-meteo mcp-server create database --type postgres mcp-server deploy --platform vercel
Verify the package source, maintainer, version, and install instructions before running any `mcp-server` command.
A misconfigured MCP server could expose tool access or data to unintended agents or sessions.
MCP servers connect agents to tools and services. The artifact does not specify authentication, client restrictions, or data-boundary controls.
- Connect to AI agents (Claude, OpenClaw, etc.)
Restrict which clients can connect, authenticate where supported, limit exposed tools, and separate development/test servers from production resources.