Volkern MCP Server

This package looks like a legitimate MCP server for Volkern CRM, but there are important inconsistencies you should resolve before installing or running it: - Verify the source: the registry entry lacks a homepage and has an unknown owner ID. Prefer installing only from an official Volkern release (official website or the GitHub repository referenced in package.json). - The code and SKILL.md require a VOLKERN_API_KEY (and optionally VOLKERN_API_URL). The registry metadata omitted this — treat that as a red flag and confirm the key requirement explicitly. - If you proceed, create an API key with the minimal permissions needed (only the scopes listed in SKILL.md) and rotate it if you stop using the skill. - Review package.json and the included dist/index.js yourself (or have someone you trust review it) to ensure there are no hidden network endpoints or unexpected behaviors beyond calling the configured VOLKERN_API_URL. - Run the MCP server in a sandboxed environment or limited container (network egress rules, no sensitive host mounts) first to observe behavior, and monitor outbound connections (it defaults to https://volkern.app/api). - If you need higher assurance, request the upstream repository URL or an official vendor statement confirming this release and that the registry metadata should declare the VOLKERN_API_KEY requirement. Because the functionality itself matches the description but the manifest/metadata omissions and packaging-to-install inconsistencies are concerning, treat this skill cautiously until provenance and required environment variables are confirmed.

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.