ClawHub

mcp-registry

v1.0.0

Discover, search, and browse MCP servers from the official MCP Registry and MCPCentral. Find servers, get specs, and generate setup configurations. Use when...

0· 66·0 current·0 all-time
by@mcpcentral-io
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the contained instructions: SKILL.md documents how to search and fetch server metadata from the official MCP Registry and MCPCentral. No unrelated credentials, binaries, or installs are required.
Instruction Scope
Runtime instructions are limited to calling public HTTP endpoints (registry.modelcontextprotocol.io and mcpcentral.io), parsing responses, and assembling configuration snippets. The doc does not instruct reading local files, scanning system state, or transmitting data to unexpected endpoints.
Install Mechanism
There is no install spec and no code files to execute; this is instruction-only, so nothing will be written to disk or downloaded during install.
Credentials
requires.env is empty and SKILL.md does not request secrets. It does describe environment variables that may be returned by servers (e.g., a GitHub token required by a discovered server) — those are part of the registry data and would only become user-supplied secrets when the user chooses to install a discovered server.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request persistent system changes or claim the ability to modify other skills or global agent configuration.
Assessment
This skill is instruction-only and appears coherent with its described purpose. Before installing or using it, note: (1) it requires network access to registry.modelcontextprotocol.io and mcpcentral.io — confirm your environment allows those requests; (2) results may include environmentVariable definitions for discovered servers (placeholders for tokens/keys) — do not paste real secrets into outputs shared with others, and only provide credentials when you intend to install/run the server; (3) the skill may present install commands from the registry — review and understand any install command before executing it locally; (4) the included eval JSON files are tests/evaluations and contain no sensitive data. Overall this appears internally consistent and limited in scope.

Like a lobster shell, security has layers — review code before you run it.

latestvk975ps03z6jncdtgfs8yy5smph83mv5v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments