Mcp Review
v1.0.0审查MCP Server工具实现是否符合接口设计准则。当用户要求review、检查、审查MCP工具定义,或说"check一下工具设计"、"review mcp tools"、"工具设计有没有问题"时使用。
⭐ 0· 105·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (MCP tool review) align with requirements: the skill needs to read local files, search for @mcp.tool() decorations, parse definitions and produce a report. No unrelated env vars, binaries, or network accesses are requested.
Instruction Scope
SKILL.md gives specific, scoped instructions: read the included MCP_API_DESIGN_GUIDE.md, locate server files via Glob patterns, extract @mcp.tool() definitions, and produce a structured per-tool report. It does not instruct reading unrelated system files, environment secrets, or posting data to external endpoints. One minor note: the SKILL.md references a specific path (.claude/skills/mcp-review/...) for the guide — ensure that path resolves in your environment.
Install Mechanism
No install spec and no code files — instruction-only. That is low-risk because nothing is downloaded or written to disk by an install step.
Credentials
No environment variables, credentials, or config paths are required. The skill only needs read access to workspace files (server, formatter, mock_data) which is appropriate for a static design review tool.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or modify other skills. disable-model-invocation is default false (agent may invoke autonomously), which is normal and not in itself a concern given the limited scope.
Assessment
This skill is instruction-only and internally consistent with its stated purpose. Before installing or running it: 1) confirm you trust the skill source (owner unknown); 2) be aware it will read repository files (searching for **/*server*.py and @mcp.tool()), so don't run it on repos containing secrets or private credentials; 3) verify the included guide path (.claude/skills/mcp-review/MCP_API_DESIGN_GUIDE.md) is available in your environment or adjust the path; 4) check what the allowed tool named "Agent" means in your platform (ensure it does not permit unexpected remote actions); and 5) run it on a sample or sandbox repo first to observe outputs. Overall the design appears coherent and proportionate, with no requested credentials or install-time network downloads.Like a lobster shell, security has layers — review code before you run it.
latestvk9725pr0xh70fyerqwmr4kvjv583h0rk
License
MIT-0
Free to use, modify, and redistribute. No attribution required.