CREA DDF MCP
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill is coherent for connecting an agent to CREA DDF, but users should verify the separate MCP package and protect the DDF credentials they configure.
Before installing, make sure you have a trusted copy of the referenced CREA DDF MCP server, review its code and dependencies, and configure DDF credentials only in a trusted runtime. Prefer scoped client credentials, avoid password grant unless required, and keep agent access limited to approved DDF queries and fields.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or anything running the configured MCP server may be able to access CREA DDF data using the supplied account permissions.
The skill asks users to provide DDF account credentials so the MCP/CLI can access the provider API. This is expected for the stated integration, but it is sensitive delegated account access.
`DDF_CLIENT_ID` + `DDF_CLIENT_SECRET` ... `DDF_USERNAME` + `DDF_PASSWORD`
Use least-privilege DDF credentials, prefer client-credentials over password grant when possible, store secrets in a proper secret manager or runtime environment, and rotate credentials if exposed.

If the referenced local package is not from a trusted source, running it could execute code with access to the configured DDF credentials.
The reviewed artifact is instruction-only and refers to building/running a local package that was not included in the scan, so the server code and dependencies cannot be verified from these artifacts.
`npm --workspace @fub/crea-ddf-mcp run build` ... `node packages/crea-ddf-mcp/dist/mcp-server.js`
Only wire this skill to a verified copy of the MCP server, inspect the package and dependencies, and pin or lock versions before use.

Using raw or overly broad DDF queries could retrieve data outside the intended workflow or conflict with licensing/display obligations.
The skill’s own safety guidance indicates that raw calls or broad field selection may be possible and should be governed, even though typed tools are preferred.
Prefer typed tools (`ddf.search_properties`, `ddf.get_property`) over raw calls. Keep field selections to allowlisted safe sets unless governance is updated.
Default to typed tools, keep field allowlists narrow, and require explicit user approval or governance review before using raw calls or expanded field sets.

An agent with access to this MCP server can query DDF data through the configured credentials while the server is registered.
The MCP server becomes a tool boundary between the agent runtime and the credentialed DDF service. This is the intended design, but it means runtime/tool permissions matter.
Register MCP server in your OpenClaw tool runtime ... Export DDF credentials into the OpenClaw runtime environment ... Validate by calling tools
Register the server only in trusted runtimes, restrict which agents can call it, monitor usage, and avoid placing credentials in shared or untrusted environments.
