ClawHub

MCP Vercel

v1.0.0

Deploy a remote MCP server on Vercel with Next.js and mcp-handler. Use this skill whenever the user wants to create an MCP server, deploy MCP to Vercel, set...

0· 135·0 current·0 all-time
byLuca@lucaperret
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the instructions: the SKILL.md shows how to add a Next.js route using mcp-handler and @modelcontextprotocol/sdk and how to deploy to Vercel. It does not request unrelated binaries, credentials, or config paths.
Instruction Scope
Instructions are focused on creating an MCP route, registering tools, and Vercel deployment. They ask the developer to run npm install and to copy compiled artifacts into the Vercel root if using a root directory. That file-copy guidance implies reading project build outputs (e.g., ../../dist) — this is expected for build/deploy steps but you should ensure those paths do not accidentally reference or expose secrets or unrelated files.
Install Mechanism
This is an instruction-only skill (no install spec). The SKILL.md tells the user to run npm install for public packages (mcp-handler, @modelcontextprotocol/sdk, zod). There are no downloads from arbitrary URLs or automatic install steps performed by the skill itself.
Credentials
The skill declares no required environment variables or credentials. In practice, deploying with the Vercel CLI requires Vercel auth (not requested by this skill) and you may add OAuth tokens for protected tools — the skill does not demand unrelated secrets.
Persistence & Privilege
always is false, the skill is user-invokable and not force-included. There is no instruction to modify other skills or global agent settings.
Assessment
This skill appears coherent for adding an MCP endpoint on Vercel, but before installing/applying it: (1) review the npm packages (mcp-handler, @modelcontextprotocol/sdk, zod) for trustworthiness and recent releases; (2) when registering tools, avoid implementing handlers that perform sensitive data reads or expose secrets — test in a staging project first; (3) deploying to Vercel requires your Vercel account/CLI auth — keep tokens secure and do not paste them into third-party UIs; (4) follow the guidance about root directory and file copying carefully so you don't accidentally include build artifacts that contain secrets; (5) if you intend to expose destructive operations (delete/overwrite) via tools, add proper auth and rate-limiting. Overall the skill is internally consistent, but exercise normal operational caution.

Like a lobster shell, security has layers — review code before you run it.

latestvk97115ch0yk1jxvta81pjr5hv98360fh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis

Comments