Skill v1.0.0
ClawScan security
Sefaria API MCP · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 14, 2026, 9:03 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's files, instructions, and runtime command are coherent with its stated purpose (running a Sefaria MCP server); nothing requested or installed appears disproportionate, though you should review the referenced GitHub code before running it in your environment.
- Guidance
- This skill appears internally consistent with running a Sefaria MCP server, but it relies on fetching and building code from GitHub before running. Before installing or executing: (1) inspect the repository (especially dist/index.js or source before build, package.json and lockfile) for unexpected network calls or postinstall scripts; (2) run npm install/build in a sandbox or CI environment first; (3) limit network and filesystem privileges for the process (run under a dedicated user, restrict outbound access if possible); and (4) if you don't trust the repo owner, prefer using the official Sefaria API endpoints directly or obtain the source from a verified upstream. If you want a deeper review, provide the upstream repository contents (source files) or the built dist/index.js for analysis.
Review Dimensions
- Purpose & Capability
- ok: The name/description describe an MCP interface to the Sefaria API and the package provides a 'connect' tool that launches a node server and a 'use' helper that shows example MCP calls — these align with the stated purpose.
- Instruction Scope
- note: SKILL.md instructs cloning the GitHub repo, running npm install and build, and then launching dist/index.js. Those steps are expected for running a node-based MCP server, and the instructions do not ask for unrelated files or secrets, but they do direct the agent/user to fetch and execute third-party code.
- Install Mechanism
- note: There is no registry install spec; the README/SKILL.md point to cloning a GitHub repo and running npm install/build. Using GitHub is standard, but npm install can pull transitive packages — review package.json/package-lock before installing.
- Credentials
- ok: The skill requests no credentials or config paths. The only runtime environment value used is PORT for the server, which is proportional to running a web service.
- Persistence & Privilege
- ok: 'always' is false and the skill does not request elevated platform privileges or write to other skills' configs; it only starts a local node process (expected for a server tool).
