Doctor of Credit
PassAudited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill Name: doc-mcp Version: 0.1.0 The skill provides a standard Model Context Protocol (MCP) interface for searching and reading content from the Doctor of Credit personal finance website. It uses 'npx' to execute a legitimate-looking package (@guava-tech/doc-mcp) and interacts with the WordPress REST API. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found in the SKILL.md or _meta.json files.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or using the skill may download and run code from npm to provide the MCP tools.
The skill relies on running an external npm package through npx, but the package implementation is not included in the submitted artifacts and no pinned package version is shown.
mcpServers:\n doc-mcp:\n command: npx\n args: ["-y", "@guava-tech/doc-mcp"]
Only install if you trust the publisher/package source, and prefer a pinned or reviewed package version where possible.