mcp-llm-inference

Pass

Audited by ClawScan on May 10, 2026.

Overview

This appears to be a straightforward LLM-inference MCP server, but users should know it sends prompts to a third-party API and has some configuration/provenance inconsistencies to verify.

This skill is reasonable for pay-per-request LLM inference, but treat all prompts as data shared with the configured provider. Verify the npm package namespace/version and use NAUTDEV_BASE_URL if you need to control the endpoint, since the declared L402_API_BASE_URL is not what the code reads.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anything the agent includes in a prompt may be sent to the external LLM service.

Why it was flagged

The skill sends chat messages or prompts supplied to the MCP tool to an external LLM API. This is purpose-aligned, but those prompts may contain sensitive user or agent context.

Skill content

    const result = await apiFetch(`/api/v1/llm/chat`, {
      method: "POST",
      body: JSON.stringify(body),
    });

Recommendation

Do not send secrets, private files, credentials, or confidential business content through this tool unless you trust the configured provider and its data handling.

What this means

Installing later could run whatever version is resolved from npm at that time.

Why it was flagged

The setup runs an npm package via npx. This is a common MCP installation pattern, but it relies on the npm package source and does not pin an exact package version in the command.

Skill content

    "command": "npx",
    "args": ["-y", "@vbotholemu/mcp-llm-inference"]

Recommendation

Verify the npm package owner and consider pinning the package version before use.

What this means

A user who sets only L402_API_BASE_URL may believe they changed the API endpoint when the code will still use the default nautdev.com endpoint.

Why it was flagged

The implementation uses NAUTDEV_BASE_URL, while SKILL.md declares and configures L402_API_BASE_URL. This can confuse users about which endpoint their prompts will be sent to.

Skill content

    const BASE_URL = process.env.NAUTDEV_BASE_URL || "https://api.nautdev.com";

Recommendation

Confirm the intended environment variable and endpoint before installing or invoking the tool.