Mcp App Builder
v0.1.0
Build new MCP Apps (MCP servers with React UI output) using @modelcontextprotocol/ext-apps and the MCP SDK. Use when asked to scaffold or implement MCP App s...
by Prompt Circle @hollaugo
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included assets and SKILL.md: a runnable MCP App template (server + single-file React UI) and an authoritative spec. Required files, dependencies, and patterns (registerAppTool/registerAppResource, createServer(), createMcpExpressApp, vite single-file) are coherent with the stated goal; no unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Instructions are narrowly focused on scaffolding, implementing, building, and serving MCP Apps using the provided template and exact dependency versions. They read local project files (e.g., serving built HTML from dist/) and suggest optionally exposing the local server via a tunnel (cloudflared) for testing — that exposure is operationally risky if done insecurely but is not itself malicious. The SKILL.md does not instruct reading secrets or arbitrary host files.
Install Mechanism
No install spec is included (instruction-only), and the template relies on standard npm/tsx tooling declared in package.json. There are no download URLs or archives that would write arbitrary code at install time.
Credentials
The skill declares no required environment variables or credentials. The code uses non-secret env values (PORT and build INPUT) only. There are no requests for unrelated tokens/keys or access to other skill configs.
Persistence & Privilege
always is false, the skill is user-invocable and may be invoked autonomously (platform default). It does not request permanent presence, nor does it modify other skills or system-wide settings.
Assessment
This appears to be a legitimate MCP App scaffolding template. Before installing or running it: (1) review and, if desired, pin/verify the npm dependencies in package.json (trust the @modelcontextprotocol packages used); (2) run builds and the server locally first — the template serves local HTML from the dist/ directory; (3) be cautious if you follow the instructions to expose your dev server with a tunnel (e.g., cloudflared) because that makes your local service publicly reachable; and (4) there are no secret env vars requested, but audit any added code or third-party packages you install from npm for supply-chain risk.
Like a lobster shell, security has layers — review code before you run it.
