ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

mcp-adapter

Use Model Context Protocol servers to access external tools and data sources. Enable AI agents to discover and execute tools from configured MCP servers (legal databases, APIs, database connectors, weather services, etc.).

MIT-0 · Free to use, modify, and redistribute. No attribution required.
4 · 3.6k · 18 current installs · 18 all-time installs
by@lunarpulse
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (MCP adapter) matches the implementation: it discovers tools via MCP servers and calls them. The code implements a client, tool registration, and a streamable HTTP transport. No unrelated credentials, binaries, or platform-level accesses are requested.
Instruction Scope
SKILL.md instructs the agent to list and call MCP tools (action=list, action=call) and to validate input schemas before calls — this stays within the declared purpose. The docs reference storing API keys and editing OpenClaw config; the plugin reads configuration from the platform API (api.config) rather than scanning arbitrary system files. However, the agent will forward whatever arguments you provide to remote MCP servers, so the instructions implicitly permit transmitting user or agent context to external services.
Install Mechanism
No explicit install spec is provided (instruction-only), but the package includes executable plugin source (src/) and test files. This is not necessarily malicious — many platform plugins are delivered as code without separate install steps — but it is an inconsistency to be aware of. There are no remote-download installs or unusual package hosts.
Credentials
The skill declares no required environment variables or credentials, which is consistent with the code. Documentation and configuration examples, however, discuss using environment variables / API keys for MCP services; these are optional and supplied via the platform's config/env mechanisms, which is reasonable. Because the plugin can be configured to contact arbitrary URLs and can pass env values (for stdio transports), it has the capability to transmit secrets if misconfigured — so environment access should be managed via OpenClaw config controls.
Persistence & Privilege
The skill does not request always:true and uses normal model-invocation defaults. It registers a service and a tool that will start and connect to configured servers on plugin start; this is expected behavior for a connector plugin. Nothing in the code attempts to modify other plugins' configs or system-wide settings.
Assessment
This plugin appears to implement exactly what it claims: a connector for Model Context Protocol servers. Before installing, consider: 1) Only configure it with MCP servers you trust — the plugin will send whatever arguments and data the agent provides to those servers (possible data leakage). 2) Prefer HTTPS endpoints in production and avoid pointing it at internal-only endpoints unless you intend that exposure. 3) Don't commit API keys into repo-config files; use the platform's secure env or secret storage. 4) Use OpenClaw's per-agent allowlist/denylist to limit which agents can use the 'mcp' tool. 5) Note the package includes source code (src/) even though no separate install spec is present — review the source (especially http-transport.js) if you want to audit behavior. If you need higher assurance, run the included tests using a local test server and review network traffic to verify only expected calls occur.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.1.0
Download zip
latestvk97aqg93dneamexvnsv5qy2gm180d7ax

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

MCP Integration Usage Guide

Overview

Use the MCP integration plugin to discover and execute tools provided by external MCP servers. This skill enables you to access legal databases, query APIs, search databases, and integrate with any service that provides an MCP interface.

The plugin provides a unified mcp tool with two actions:

  • list - Discover available tools from all connected servers
  • call - Execute a specific tool with parameters

Process

🔍 Phase 1: Tool Discovery

1.1 Check Available Tools

Always start by listing available tools to see what MCP servers are connected and what capabilities they provide.

Action:

{
  tool: "mcp",
  args: {
    action: "list"
  }
}

Response structure:

[
  {
    "id": "server:toolname",
    "server": "server-name",
    "name": "tool-name", 
    "description": "What this tool does",
    "inputSchema": {
      "type": "object",
      "properties": {...},
      "required": [...]
    }
  }
]

1.2 Understand Tool Schemas

For each tool, examine:

  • id: Format is "server:toolname" - split on : to get server and tool names
  • description: Understand what the tool does
  • inputSchema: JSON Schema defining parameters
    • properties: Available parameters with types and descriptions
    • required: Array of mandatory parameter names

1.3 Match Tools to User Requests

Common tool naming patterns:

  • search_* - Find or search operations (e.g., search_statute, search_users)
  • get_* - Retrieve specific data (e.g., get_statute_full_text, get_weather)
  • query - Execute queries (e.g., database:query)
  • analyze_* - Analysis operations (e.g., analyze_law)
  • resolve_* - Resolve references (e.g., resolve_citation)

🎯 Phase 2: Tool Execution

2.1 Validate Parameters

Before calling a tool:

  1. Identify all required parameters from inputSchema.required
  2. Verify parameter types match schema (string, number, boolean, array, object)
  3. Check for constraints (minimum, maximum, enum values, patterns)
  4. Ensure you have necessary information from the user

2.2 Construct Tool Call

Action:

{
  tool: "mcp",
  args: {
    action: "call",
    server: "<server-name>",
    tool: "<tool-name>",
    args: {
      // Tool-specific parameters from inputSchema
    }
  }
}

Example - Korean legal search:

{
  tool: "mcp",
  args: {
    action: "call",
    server: "kr-legal",
    tool: "search_statute",
    args: {
      query: "연장근로 수당",
      limit: 5
    }
  }
}

2.3 Parse Response

Tool responses follow this structure:

{
  "content": [
    {
      "type": "text",
      "text": "JSON string or text result"
    }
  ],
  "isError": false
}

For JSON responses:

const data = JSON.parse(response.content[0].text);
// Access data.result, data.results, or direct properties

🔄 Phase 3: Multi-Step Workflows

3.1 Chain Tool Calls

For complex requests, execute multiple tools in sequence:

Example - Legal research workflow:

  1. Search - search_statute to find relevant laws
  2. Retrieve - get_statute_full_text for complete text
  3. Analyze - analyze_law for interpretation
  4. Precedents - search_case_law for related cases

Each step uses output from the previous step to inform the next call.

3.2 Maintain Context

Between tool calls:

  • Extract relevant information from each response
  • Use extracted data as parameters for subsequent calls
  • Build up understanding progressively
  • Present synthesized results to user

⚠ Phase 4: Error Handling

4.1 Common Errors

"Tool not found: server:toolname"

  • Cause: Server not connected or tool doesn't exist
  • Solution: Run action: "list" to verify available tools
  • Check spelling of server and tool names

"Invalid arguments for tool"

  • Cause: Missing required parameter or wrong type
  • Solution: Review inputSchema from list response
  • Ensure all required parameters provided with correct types

"Server connection failed"

  • Cause: MCP server not running or unreachable
  • Solution: Inform user service is temporarily unavailable
  • Suggest alternatives if possible

4.2 Error Response Format

Errors return:

{
  "content": [{"type": "text", "text": "Error: message"}],
  "isError": true
}

Handle gracefully:

  • Explain what went wrong clearly
  • Don't expose technical implementation details
  • Suggest next steps or alternatives
  • Don't retry excessively

Complete Example

User Request: "Find Korean laws about overtime pay"

Step 1: Discover tools

{tool: "mcp", args: {action: "list"}}

Response shows kr-legal:search_statute with:

  • Required: query (string)
  • Optional: limit (number), category (string)

Step 2: Execute search

{
  tool: "mcp",
  args: {
    action: "call",
    server: "kr-legal",
    tool: "search_statute",
    args: {
      query: "연장근로 수당",
      category: "노동법",
      limit: 5
    }
  }
}

Step 3: Parse and present

const data = JSON.parse(response.content[0].text);
// Present data.results to user

User-facing response:

Found 5 Korean statutes about overtime pay:

1. 근로기준법 제56조 (연장·야간 및 휴일 근로)
   - Overtime work requires 50% premium
   
2. 근로기준법 제50조 (근로시간)
   - Standard working hours: 40 hours per week

Would you like me to retrieve the full text of any statute?

Quick Reference

List Tools

{tool: "mcp", args: {action: "list"}}

Call Tool

{
  tool: "mcp",
  args: {
    action: "call",
    server: "server-name",
    tool: "tool-name",
    args: {param1: "value1"}
  }
}

Essential Patterns

Tool ID parsing: "server:toolname" → split on : for server and tool names

Parameter validation: Check inputSchema.required and inputSchema.properties[param].type

Response parsing: JSON.parse(response.content[0].text) for JSON responses

Error detection: Check response.isError === true

Reference Documentation

Core Documentation

Usage Examples

  • Examples Collection: EXAMPLES.md - 13 real-world examples including:
    • Legal research workflows
    • Database queries
    • Weather service integration
    • Multi-step complex workflows
    • Error handling patterns

Remember: Always start with action: "list" when uncertain about available tools.

Files

18 total
Select a file
Select a file to preview.

Comments

Loading comments…