Mcp Client
Review
Audited by ClawScan on May 1, 2026.
Overview
This appears to be a straightforward MCP client, but it should only be used with trusted MCP servers because it can invoke server tools, read server resources, and send an API key to the chosen endpoint.
This skill does not show hidden or malicious behavior in the provided artifacts. Before installing, make sure you only use MCP servers you trust, inspect available tools and resources before invoking them, avoid sending API keys to unknown URLs, and treat server-provided prompts and resources as untrusted content unless the server is under your control.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If connected to a server exposing high-impact tools, the agent could trigger those server-side actions when asked to call them.
The client can invoke any caller-supplied MCP tool name with caller-supplied arguments on the configured server. This is the intended purpose, but it is a powerful generic action channel.
data = {"tool": tool_name, "arguments": ...}; resp = self.session.post(f"{self.server_url}/mcp/call", json=data)
Only connect to trusted MCP servers, inspect available tools first, and require explicit user approval before invoking tools that change data or affect accounts.
A key entered for the wrong or untrusted server could give that server access to the credential.
The skill supports sending a user-provided bearer API key to the configured MCP server. This is expected for authenticated MCP use, but it is sensitive authority.
if api_key:
    self.session.headers["Authorization"] = f"Bearer {api_key}"
Use least-privilege, per-server API keys and prefer HTTPS endpoints you control or trust.
A malicious or mistaken MCP server could provide misleading tools, resources, or prompts, or receive credentials intended for another server.
The client can be pointed at arbitrary MCP endpoints, so trust, identity, and data boundaries depend on the selected server.
parent_parser.add_argument("--server-url", default=DEFAULT_MCP_SERVER, help="MCP Server URL")
Use known MCP server URLs, verify server identity, and treat returned resources and prompts as untrusted unless the server is trusted.
Untrusted MCP prompt templates could influence the agent’s next steps or recommendations.
The skill explicitly supports MCP-provided prompt templates. If an agent treats remote prompt content as authoritative, it could steer behavior.
- **Prompt Templates** - Use structured prompts from MCP servers
Review server-provided prompts and do not let them override user, system, or safety instructions.
Different package versions or an untrusted package source could affect behavior.
The setup instructions rely on installing the requests package without a pinned version. This is common and purpose-aligned, but it leaves dependency version/provenance to the user environment.
pip install requests
Install dependencies from a trusted package index and consider pinning versions in controlled environments.
