Mcp Builder Anthropic
Advisory
Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with an untrusted command or arguments, the helper would run that command on the user's machine.
The helper can launch a user-specified command for stdio-based MCP testing. This is expected for local MCP servers, but it is still local command execution.
return stdio_client(StdioServerParameters(command=self.command, args=self.args, env=self.env))
Only use the stdio helper with MCP server commands you wrote or otherwise trust.
A mistaken or malicious tool selection could perform actions allowed by the connected MCP server.
The connection helper can call arbitrary tools on a connected MCP server; the surrounding evaluation guide says to use read-only, non-destructive operations, but the helper does not enforce that itself.
async def call_tool(self, tool_name: str, arguments: dict[str, Any]) -> Any:
    result = await self.session.call_tool(tool_name, arguments=arguments)
When evaluating an MCP server, verify tool annotations and approve any non-read-only operation before it is called.
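One way to put that check in front of the helper, as an added example (this is not code from the mcp-builder skill): a gate that classifies each tool from the server's tools/list annotations and refuses anything that is not read-only unless an approval hook says yes. It assumes the MCP tools/list shape (a "name" plus an optional "annotations" object carrying the spec's readOnlyHint and destructiveHint); SAMPLE_TOOLS and FakeSession are constructed for the demo and the real ClientSession is not imported.

```python
"""Approval gate in front of MCP tool calls, keyed on tool annotations.

Added example; it is not code from the mcp-builder skill. It assumes the
shape of the MCP tools/list response (each tool has a "name" and an
optional "annotations" object with the spec's readOnlyHint and
destructiveHint booleans). SAMPLE_TOOLS and FakeSession are constructed
for the demo; the real ClientSession is not imported.
"""
import asyncio
from dataclasses import dataclass, field
from typing import Any, Callable


class ToolCallDenied(Exception):
    """Raised when policy blocks a tool call before it reaches the server."""


@dataclass
class ToolGate:
    tools: dict[str, dict[str, Any]]
    approve: Callable[[str, dict[str, Any]], bool]  # human/agent approval hook
    audit: list[str] = field(default_factory=list)

    @classmethod
    def from_tool_list(cls, tool_list, approve):
        return cls({t["name"]: t for t in tool_list}, approve)

    def classify(self, tool_name: str) -> str:
        """Return 'read-only', 'mutating', 'destructive' or 'unknown'.

        Annotations are server-supplied hints. Following the spec defaults
        (readOnlyHint false, destructiveHint true), a tool with no
        annotations is treated as destructive, never as safe.
        """
        tool = self.tools.get(tool_name)
        if tool is None:
            return "unknown"
        ann = tool.get("annotations") or {}
        if ann.get("readOnlyHint") is True:
            return "read-only"
        return "destructive" if ann.get("destructiveHint", True) else "mutating"

    def check(self, tool_name: str, arguments: dict[str, Any]) -> str:
        """Allow read-only calls; anything else needs explicit approval."""
        kind = self.classify(tool_name)
        if kind == "unknown":
            self.audit.append(f"deny {tool_name}: not advertised in tools/list")
            raise ToolCallDenied(tool_name)
        if kind != "read-only" and not self.approve(tool_name, arguments):
            self.audit.append(f"deny {tool_name}: {kind} call not approved")
            raise ToolCallDenied(tool_name)
        self.audit.append(f"allow {tool_name}: {kind}")
        return kind


async def guarded_call_tool(session, gate: ToolGate, tool_name: str, arguments: dict[str, Any]) -> Any:
    """Same signature as the helper quoted above, with the gate run first."""
    gate.check(tool_name, arguments)
    return await session.call_tool(tool_name, arguments=arguments)


# Constructed sample of a tools/list result.
SAMPLE_TOOLS = [
    {"name": "list_issues", "annotations": {"readOnlyHint": True}},
    {"name": "create_issue", "annotations": {"readOnlyHint": False, "destructiveHint": False}},
    {"name": "delete_issue", "annotations": {"readOnlyHint": False, "destructiveHint": True}},
    {"name": "run_sql"},  # no annotations at all
]


class FakeSession:
    """Stand-in for the MCP ClientSession; records which calls got through."""
    def __init__(self):
        self.calls: list[str] = []

    async def call_tool(self, name: str, arguments: dict[str, Any]) -> dict[str, Any]:
        self.calls.append(name)
        return {"ok": True}


def demo() -> tuple[list[str], list[str]]:
    """Run five calls through the gate; only create_issue is pre-approved."""
    session = FakeSession()
    gate = ToolGate.from_tool_list(SAMPLE_TOOLS, approve=lambda name, args: name == "create_issue")

    async def run():
        for name in ["list_issues", "create_issue", "delete_issue", "run_sql", "drop_table"]:
            try:
                await guarded_call_tool(session, gate, name, {})
            except ToolCallDenied:
                pass

    asyncio.run(run())
    return session.calls, gate.audit


if __name__ == "__main__":
    for line in demo()[1]:
        print(line)
```

The approval hook is where a human prompt or a per-evaluation allowlist belongs; the gate only guarantees that the decision happens before the server sees the call, and that a tool the server never advertised is refused outright.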
Credentials or session headers could be sent to the configured MCP endpoint.
The helper supports HTTP/SSE MCP connections with caller-provided headers, which may include authentication material depending on how it is used.
def __init__(self, url: str, headers: dict[str, str] = None):
    self.url = url
    self.headers = headers or {}
Connect only to trusted MCP server URLs and use narrowly scoped headers or tokens.
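The stdio note above and this HTTP/SSE note call for the same kind of control, so one added example covers both (it is not code from the mcp-builder skill): a connection policy that resolves the stdio command and refuses anything outside an allowlisted directory, and that requires an https endpoint on an allowlisted host while masking credential-bearing headers before they are logged. The allowlists, the temporary server script and the sample URLs are constructed for the demo; `mcp` is not imported, so the checks can run before StdioServerParameters or the HTTP helper is built.

```python
"""Policy checks in front of the stdio and HTTP/SSE helpers quoted above.

Added example; not code from the mcp-builder skill. The stdio command must
resolve to a file inside an allowlisted directory, and the HTTP endpoint
must be https on an allowlisted host, with credential-bearing headers
masked before anything is logged. The allowlists, the temporary server
script and the sample URLs are constructed for the demo.
"""
import os
import re
import shutil
import tempfile
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Header names whose values are credentials; extend for your deployment.
SENSITIVE_HEADER = re.compile(r"^(authorization|proxy-authorization|cookie|x-api-key)$", re.I)


class PolicyViolation(Exception):
    pass


def redact_headers(headers: dict[str, str]) -> dict[str, str]:
    """Copy of the headers that is safe to log or show in an audit trail."""
    return {k: ("<redacted>" if SENSITIVE_HEADER.match(k) else v) for k, v in headers.items()}


@dataclass
class ConnectionPolicy:
    allowed_command_dirs: list[str]   # directories holding trusted MCP server binaries
    allowed_hosts: set[str]           # hostnames of trusted remote MCP endpoints

    def check_stdio(self, command: str, args: list[str]) -> str:
        """Resolve `command` and return its real path, or raise.

        A bare name is resolved on PATH the way the spawn will resolve it; the
        real path (symlinks followed) must sit under an allowlisted directory,
        so an attacker-chosen `python`, `sh` or `npx` outside those directories
        is refused even though StdioServerParameters itself would run it.
        """
        path = command if os.sep in command else shutil.which(command)
        if path is None or not os.path.isfile(path):
            raise PolicyViolation(f"stdio command not found: {command!r}")
        real = os.path.realpath(path)
        roots = [os.path.realpath(d) for d in self.allowed_command_dirs]
        if not any(real.startswith(r + os.sep) for r in roots):
            raise PolicyViolation(f"stdio command outside allowed directories: {real}")
        return real

    def check_http(self, url: str, headers: Optional[dict[str, str]]) -> dict[str, str]:
        """Validate the endpoint and return redacted headers for logging."""
        u = urlparse(url)
        if u.scheme != "https":
            raise PolicyViolation(f"MCP endpoint must use https: {url}")
        if u.hostname not in self.allowed_hosts:
            raise PolicyViolation(f"MCP endpoint host not allowlisted: {u.hostname}")
        return redact_headers(headers or {})


def demo_stdio() -> tuple[bool, bool]:
    """A trusted script under the allowed dir passes; /bin/sh is refused."""
    with tempfile.TemporaryDirectory() as tmp:
        servers = os.path.join(tmp, "servers")
        os.makedirs(servers)
        script = os.path.join(servers, "my-mcp-server")  # constructed stand-in
        with open(script, "w") as f:
            f.write("#!/bin/sh\nexit 0\n")
        os.chmod(script, 0o755)
        policy = ConnectionPolicy([servers], set())
        allowed = policy.check_stdio(script, ["--stdio"]) == os.path.realpath(script)
        try:
            policy.check_stdio("/bin/sh", ["-c", "id"])
            refused = False
        except PolicyViolation:
            refused = True
    return allowed, refused


def demo_http() -> tuple[dict[str, str], list[str]]:
    """One good endpoint plus two rejected ones; returns what would be logged."""
    policy = ConnectionPolicy([], {"mcp.example.com"})
    logged = policy.check_http(
        "https://mcp.example.com/sse",
        {"Authorization": "Bearer s3cr3t-token", "Accept": "text/event-stream"},
    )
    rejections = []
    for url in ["http://mcp.example.com/sse", "https://attacker.example.net/sse"]:
        try:
            policy.check_http(url, {})
        except PolicyViolation as e:
            rejections.append(str(e).split(":")[0])
    return logged, rejections


if __name__ == "__main__":
    print(demo_stdio(), demo_http())
```

Call `policy.check_stdio(self.command, self.args)` before constructing StdioServerParameters and `policy.check_http(self.url, self.headers)` in the HTTP helper's constructor; the return value of the latter is the only form of the headers that should ever reach a log line.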
Generated evaluation files could contain private or sensitive data from the services being tested.
The evaluation workflow may turn retrieved service content into persistent QA examples, including personal identifiers.
Answer should be a single VERIFIABLE value such as: ... Email address, phone number
Prefer test accounts or non-sensitive fixtures for evaluations, and review generated XML before sharing or committing it.
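A review step of that kind, as an added example (not code from the mcp-builder skill): a scanner that walks a generated evaluation XML file and reports every element or attribute value that looks like an email address or phone number, masked so the report itself does not repeat the data. The <evaluation>/<qa_pair>/<question>/<answer> layout of SAMPLE_XML is an assumed shape constructed for the demo; the scanner visits every element, so it does not depend on that layout. The patterns are broad review heuristics for the answer types the guide allows, not a complete PII classifier.

```python
"""Scan a generated evaluation XML file for personal identifiers.

Added example; not code from the mcp-builder skill. The element layout of
SAMPLE_XML is an assumed shape, constructed for the demo; the scanner
walks every element and attribute, so it works on any layout. The patterns
are deliberately broad review heuristics, not a complete PII classifier.
"""
import re
import xml.etree.ElementTree as ET
from typing import Iterator

PATTERNS = {
    "email": re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    # 8+ digits with optional leading +, spaces, dots, dashes and parentheses
    "phone": re.compile(r"\+?\d[\d\s().-]{6,}\d"),
}


def _walk(elem: ET.Element, path: str) -> Iterator[tuple[str, ET.Element]]:
    """Yield (xpath-like path, element) for elem and all of its descendants."""
    yield path, elem
    seen: dict[str, int] = {}
    for child in elem:
        seen[child.tag] = seen.get(child.tag, 0) + 1
        yield from _walk(child, f"{path}/{child.tag}[{seen[child.tag]}]")


def _mask(value: str) -> str:
    """Keep just enough to locate the value in the file without repeating it."""
    return value[:2] + "***" + value[-2:] if len(value) > 6 else "***"


def scan_eval_xml(xml_text: str) -> list[dict[str, str]]:
    """Return one finding per matched identifier: kind, element path, masked value."""
    root = ET.fromstring(xml_text)
    findings = []
    for path, elem in _walk(root, root.tag):
        fields = [("text", elem.text or "")] + [(f"@{k}", v) for k, v in elem.attrib.items()]
        for where, value in fields:
            for kind, pattern in PATTERNS.items():
                for m in pattern.finditer(value):
                    findings.append({
                        "kind": kind,
                        "path": path if where == "text" else f"{path}/{where}",
                        "value": _mask(m.group()),
                    })
    return findings


# Constructed sample of what the evaluation workflow might write out.
SAMPLE_XML = """<evaluation>
  <qa_pair>
    <question>Who is the assignee on ticket PROJ-42?</question>
    <answer>alice.lee@example.com</answer>
  </qa_pair>
  <qa_pair>
    <question>What callback number is on the support record?</question>
    <answer>+1 (415) 555-0142</answer>
  </qa_pair>
  <qa_pair>
    <question>How many open tickets are in the Backlog column?</question>
    <answer>17</answer>
  </qa_pair>
</evaluation>"""


def review(xml_text: str) -> tuple[bool, list[str]]:
    """Pre-commit style check: (clean?, human-readable report lines)."""
    findings = scan_eval_xml(xml_text)
    report = [f"{f['kind']:5} {f['path']}: {f['value']}" for f in findings]
    return (not findings), report


if __name__ == "__main__":
    clean, report = review(SAMPLE_XML)
    print("clean" if clean else "\n".join(report))
```

Run it over the generated XML before committing or sharing; a non-clean result is a prompt to swap the offending answer for a test-account value or a non-sensitive fixture rather than a hard failure, since the phone pattern will also catch long numeric identifiers that deserve a look but may be harmless.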
Generated code or recommendations may reflect whatever the remote documentation contains at the time of use.
The guide asks the agent to fetch live documentation from an unpinned branch. This is normal for up-to-date SDK guidance, but the content can change over time.
Use WebFetch to load `https://raw.githubusercontent.com/modelcontextprotocol/typescript-sdk/main/README.md`
For production work, compare generated code against trusted, versioned SDK documentation.
