Agentic Mcp Server Builder Conflict

PassAudited by ClawScan on May 1, 2026.

Overview

The skill is coherent for scaffolding MCP server starter files, with only normal file-write and provenance notes a user should review before running it.

This appears safe for its stated purpose, but use it like any file-generating scaffold tool: run dry-run first, generate into a new directory, avoid the outside-workspace option unless intentional, and verify the package identity because the bundled metadata differs from the registry listing.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Low

#ASI02: Tool Misuse and Exploitation

What this means

Running the script in a directory that already contains matching files such as server.py, tool_registry.py, schemas/tools.json, or README.md could replace their contents with starter templates.

Why it was flagged

The scaffold script intentionally writes starter files unless dry-run is used, and it overwrites the expected scaffold filenames if they already exist.

Skill content

def maybe_write_scaffold(root: Path, file_map: list[str], dry_run: bool) -> None:
    if dry_run:
        return
    for relative_path in file_map:
        path = root / relative_path
        ...
        path.write_text(...)

Recommendation

Run with --dry-run first, use a new scaffold_root directory, and avoid pointing the scaffold root at an existing project unless overwriting starter files is intended.

Low

#ASI02: Tool Misuse and Exploitation

What this means

If this option is used, generated scaffold files can be written outside the current workspace wherever the running user has permission.

Why it was flagged

The script normally restricts scaffold_root to the workspace, but it provides an explicit option to disable that boundary.

Skill content

parser.add_argument("--allow-outside-workspace", action="store_true", help="Allow scaffold_root to resolve outside the current workspace.")

Recommendation

Do not use --allow-outside-workspace unless you have deliberately chosen and reviewed the destination path.

Info

#ASI04: Agentic Supply Chain Vulnerabilities

What this means

The package contents appear purpose-aligned, but the inconsistent metadata makes provenance and version tracking less clear.

Why it was flagged

The bundled metadata does not match the registry listing, which shows owner ID kn7ahjkvm4k6kfc2tkfrhen4px82a35s, slug agentic-mcp-server-builder-conflict, and version 1.0.0.

Skill content

"ownerId": "kn757hy9x0k6n9x9ck9v9j4ywd81we48", "slug": "agentic-mcp-server-builder", "version": "0.1.0"

Recommendation

Confirm that this is the intended package/version before relying on it in a shared or production workflow.