CopilotKit-agent-patterns

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a coherent instruction-only CopilotKit guide with no executable code, though users should scope any copied MCP, API key, and shared-state examples carefully.

This skill appears safe as documentation. Before copying its examples into a real project, verify any MCP server you connect to, scope API keys narrowly, and avoid putting secrets or unnecessary private data into AG-UI state snapshots.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a user copies this pattern with an untrusted MCP server, agent data or tool actions could cross a service boundary the user did not intend.

Why it was flagged

The rule purposefully teaches users to connect agents to MCP endpoints, which creates an external tool/data boundary. This is expected for the skill, but endpoint trust and permissions remain important.

Skill content
Use MCP (Model Context Protocol) server configuration to give agents access to external tools and data sources... mcpEndpoints: [{ endpoint: "https://mcp-server.example.com/sse", apiKey: process.env.MCP_API_KEY }]
Recommendation

Use only trusted MCP endpoints, document what data and tools each endpoint can access, and prefer least-privilege MCP credentials.

What this means

A copied implementation may grant an MCP server access under the user's account or workspace permissions.

Why it was flagged

The documentation includes an example of passing an API key to an MCP endpoint. It is environment-based and not hardcoded, but it still represents delegated access to an external service.

Skill content
apiKey: process.env.MCP_API_KEY
Recommendation

Use narrowly scoped API keys, keep them in a secret manager or environment configuration, and rotate them if exposed.

What this means

Sensitive or excessive state could be exposed to the frontend or persisted longer than intended if developers copy examples without filtering.

Why it was flagged

The skill intentionally teaches shared state snapshots between agent and frontend. The artifact also gives appropriate mitigation guidance, but users should be aware that snapshot state may be transmitted to the frontend and reused.

Skill content
State snapshots are serialized as JSON and sent over the wire. Keep them minimal — include only the state the frontend needs to render UI.
Recommendation

Only include frontend-needed fields in state snapshots, avoid secrets and raw datasets, and keep per-thread isolation as recommended by the skill.