ClawHub

Mcp Client

v1.0.3

Model Context Protocol (MCP) client - connect to tools, data sources and services

0· 1.6k·7 current·9 all-time
byIvan Cetta@nantes
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The Python client (mcp_client.py) implements the advertised MCP operations (connect, list tools, call tool, list/read resources, list prompts) and targets the expected /mcp/* endpoints. Requiring Python and the requests library is proportionate to this purpose.
!
Instruction Scope
SKILL.md shows how to connect, list tools, call tools, and read resources — matching the client's capabilities. However, SKILL.md's examples reference a PowerShell script (./mcp.ps1) that is not included; the provided CLI is a Python program. The documentation correctly warns about file:// URIs (server-side file reads) but the user-facing examples and a mismatch in script names are inconsistent and could confuse users.
Install Mechanism
No install spec is embedded (instruction-only), and the README suggests installing the single dependency via pip (requests). This is straightforward; there are no opaque downloads or archive extractions in the package itself.
Credentials
The client can accept an API key (Authorization: Bearer) but the registry metadata declares no required environment variables. Requiring credentials is reasonable for interacting with an MCP server, but the skill doesn't declare a primary env var or secret storage—API keys are optional per the code. No unrelated credentials or config paths are requested.
Persistence & Privilege
The skill does not request permanent presence (always: false) and does not modify other skills or system-wide settings. It performs network calls at runtime but does not persist tokens or change system config.
Assessment
This skill is internally consistent with being an MCP client, but be cautious before connecting to servers you don't control. An MCP server can expose resources including file:// URIs that cause the server to read local files (server-side) and return them — that can lead to data exposure. Practical steps before installing/using: 1) Prefer only trusted or self-hosted MCP servers; 2) Do not provide sensitive API keys to unknown servers; 3) Run the client in an isolated environment if you need to test against unknown servers; 4) Note the documentation mismatch (examples reference mcp.ps1 while the package contains a Python CLI) — verify how you actually invoke the client (python mcp_client.py ...) and review the included Python source if you need assurance; 5) If you require higher assurance, ask the publisher for an official release URL or repository and verify the server spec and any third-party dependencies.

Like a lobster shell, security has layers — review code before you run it.

agentvk97d0b42rc9bfqggdzfaa5k69181m04aintegrationvk97d0b42rc9bfqggdzfaa5k69181m04alatestvk97enc4x38b0typcw2fg3wnrr981ny2tmcpvk97d0b42rc9bfqggdzfaa5k69181m04a

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔌 Clawdis
Binspython

Comments