ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

MCP OAuth

v1.0.0

Add OAuth 2.0 PKCE authentication to a remote MCP server. Use this skill whenever the user wants to add authentication to an MCP server, protect MCP tools wi...

0· 137·0 current·0 all-time
byLuca@lucaperret
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description claim to add OAuth PKCE to an MCP server and the instructions implement that. However the SKILL.md references Redis, Next.js route files, the mcp-handler library, and runtime env vars (e.g., NEXT_PUBLIC_SITE_URL) and implicitly expects upstream OAuth client IDs/secrets or provider metadata. The registry metadata lists no required env vars, binaries, or dependencies, which is inconsistent with the implementation work the instructions describe.
!
Instruction Scope
The runtime instructions tell the implementer/agent to create endpoints that store sessions and tokens in Redis, perform dynamic client registration, handle PKCE flows, and perform redirects to upstream OAuth providers. The SKILL.md reads environment variables (NEXT_PUBLIC_SITE_URL and uses an undeclared redis object) and assumes network calls to third-party OAuth providers. It does not explicitly list or require the Redis connection string, upstream client credentials, or other sensitive config—so the instruction scope accesses and handles sensitive data without declaring or justifying the required secrets or configuration steps.
Install Mechanism
No install spec and no code files beyond SKILL.md and evals.json: this is instruction-only, so nothing will be automatically downloaded or executed by the installer. That's the lowest install risk.
!
Credentials
The manifest declares no required environment variables or credentials, but the instructions clearly rely on runtime configuration (site URL, Redis connection, likely provider client IDs/secrets, possibly callback URLs). That absence is a red flag: code that manages OAuth tokens and sessions normally needs secrets and secure storage; the skill neither declares nor explains them, so required privileges and secrets are under-specified and could be misapplied.
Persistence & Privilege
always is false, the skill is user-invocable and can be invoked autonomously (the platform default). The skill doesn't request permanent agent-wide privileges or attempt to modify other skills or system-wide configs.
What to consider before installing
This skill appears to implement an OAuth PKCE flow for MCP servers, but the package metadata omits the real runtime requirements. Before installing or using it, ask the author (or require the skill to document) the exact environment/config needed: - Which env vars are required (e.g., NEXT_PUBLIC_SITE_URL, REDIS_URL, upstream provider client_id and client_secret if any)? - What npm packages must be installed (mcp-handler, Next.js dependencies)? - Where are tokens/sessions stored and how should they be secured (Redis config, TLS, access controls)? - Confirm the intended redirect_uri whitelist and whether 'none' auth on token endpoint is acceptable for your upstream provider. Also: do not deploy this to production until you verify TLS is enforced, secrets are stored in a secure vault, and the Redis instance is access-controlled. If the author provides a clear list of required env vars, dependency list, and secure deployment instructions, many of the concerns above would be resolved.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cvj18tdy73b9y7459ft7sh58365vy

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔒 Clawdis

Comments