ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

MCP Tool Utils

v1.0.0

MCP (Model Context Protocol) utilities and helpers. Tools for connecting, configuring, and managing MCP servers with OpenClaw.

0· 26·0 current·0 all-time
by@kikikari
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's purpose (MCP utilities) matches the examples and endpoints shown (mcp.tavily.com, mcp.exa.ai, etc.), but the package contains only SKILL.md and package.json and no installer or implementation for the referenced mcp-tool-utils CLI/library. That mismatch (documented CLI but no provided binary or install instructions) is unexpected.
!
Instruction Scope
Runtime instructions reference running a CLI (mcp-tool-utils), calling mcpUtils.discover/call, and editing openclaw.json; they also show using an environment variable ($TAVILY_KEY) and placing an API key directly in a server URL. The SKILL.md instructs interactions with external MCP servers (expected) but also suggests practices (embedding secrets in URLs) that risk leaking credentials. The instructions do not declare where the CLI comes from or how to obtain it.
Install Mechanism
This is an instruction-only skill with no install spec or code to write to disk, which is low risk. However, because the instructions expect an external mcp-tool-utils CLI/library, lack of an install source is an operational gap the user must resolve before use.
!
Credentials
SKILL.md shows using $TAVILY_KEY and embedding API keys in openclaw.json URLs, but the skill metadata declares no required environment variables or primary credential. That discrepancy (instructions requiring secrets while the manifest requests none) is a red flag: it increases the chance of misconfiguration and secret leakage, and the skill gives no guidance on required scopes or where credentials are stored.
Persistence & Privilege
The skill does not request always:true, does not declare system config paths, and is not installing persistent components. It does not attempt to modify other skills or agent-wide settings based on the provided materials.
What to consider before installing
This skill describes a CLI and shows interactions with external MCP servers but provides no implementation or install instructions and doesn't declare the API key it expects. Before installing or using it: 1) ask the publisher for the CLI source (trusted package registry or GitHub releases) and verify its integrity; 2) do not paste API keys into URLs — prefer environment variables or a secure config with limited scope; 3) confirm which environment variables/credentials are required and why; 4) verify the MCP server endpoints and that you trust those third parties; 5) if you must provide secrets, use least privilege keys and rotate them after testing. These inconsistencies are likely sloppy engineering but could lead to accidental key leakage, so proceed cautiously. Additional information that would change the assessment: a clear, reputable install source for mcp-tool-utils, an explicit list of required environment variables/credentials, and guidance on secure storage/usage of API keys.

Like a lobster shell, security has layers — review code before you run it.

integrationvk97886s1ks4244qpmq1rqr8en9853s96latestvk97886s1ks4244qpmq1rqr8en9853s96mcpvk97886s1ks4244qpmq1rqr8en9853s96utilitiesvk97886s1ks4244qpmq1rqr8en9853s96
26downloads
0stars
1versions
Updated 16h ago
v1.0.0
MIT-0
@kikikari
integrationlatestmcputilities
Download

MCP Tool Utils

Hilfsmittel für MCP (Model Context Protocol) Integration.

Was ist MCP?

Model Context Protocol (MCP) ermöglicht:

  • Standardisierte Tool-Schnittstellen
  • Multi-Server Management
  • Kontext-Austausch zwischen Agenten

Features

1. MCP Server Management

# Server konfigurieren
mcp-tool-utils add-server --name tavily --url https://mcp.tavily.com

# Liste aller Server
mcp-tool-utils list-servers

# Status prüfen
mcp-tool-utils check-health tavily

2. Tool Discovery

// Alle verfügbaren Tools anzeigen
const tools = await mcpUtils.discover({
  server: "tavily"
});

// Ergebnis:
// [
//   { name: "tavily_search", description: "..." },
//   { name: "tavily_extract", description: "..." }
// ]

3. Konfiguration Sync

# OpenClaw.json mit MCP-Servern synchronisieren
mcp-tool-utils sync --to openclaw

# Oder zu mcporter
mcp-tool-utils sync --to mcporter

Unterstützte Server

ServerURLTools
Tavilyhttps://mcp.tavily.comtavily_search, tavily_extract
Exahttps://mcp.exa.aiexa_search
Firecrawlhttps://mcp.firecrawl.devfirecrawl_scrape, firecrawl_crawl

Integration mit OpenClaw

in openclaw.json

{
  "mcp": {
    "servers": {
      "tavily": {
        "url": "https://mcp.tavily.com/mcp/?tavilyApiKey=..."
      }
    }
  }
}

Verwendung

const result = await mcpUtils.call({
  server: "tavily",
  tool: "tavily_search",
  params: {
    query: "API documentation",
    max_results: 5
  }
});

Hilfsfunktionen

FunktionBeschreibung
validateConfig()Prüft MCP-Konfiguration
generateTypes()TypeScript-Definitionen
monitorLatency()Server-Performance-Monitoring
backupServers()Server-Konfig sichern

CLI

# Server hinzufügen
mcp-tool-utils add tavily --api-key $TAVILY_KEY

# Tool aufrufen
mcp-tool-utils call tavily tavily_search "query=API docs"

# Health-Check
mcp-tool-utils health

Links

Comments

Loading comments...