Agent3 Hub
Universal AI resource registry — search and invoke agents, MCP servers, and APIs through a single MCP endpoint. Includes Telegram content search, Google sear...
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 105 · 0 current installs · 0 all-time installs
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (Agent3 Hub registry + MCP endpoint) lines up with the runtime instructions (how to call the hub and which tools it exposes). However the SKILL.md suggests using 'npx mcp-remote' in client config which implies dynamic code download at runtime; the skill metadata does not declare a required binary (npx) or an install step. The skill's source/homepage are missing, which reduces traceability.
Instruction Scope
The instructions show how to authenticate and call the hub's MCP endpoint and list operations that include 'agents_invoke' and 'agents_register' — i.e., the agent can invoke arbitrary registered resources and register new agents via the hub. That is coherent with a registry but grants broad remote-execution capability and the potential to relay or exfiltrate data to third-party resources. The examples do not instruct reading local files or other env vars, which is good, but the broadness of the available operations is a functional risk.
Install Mechanism
No install spec and no code files (lowest install risk). However, the suggested client config uses 'npx ... mcp-remote' which will dynamically fetch and run code from the npm ecosystem at runtime. That behavior is not declared in the metadata and effectively causes remote code execution on the client when the MCP client starts. This is an operational risk to consider even though the skill itself doesn't install files.
Credentials
The skill only requests a single AGENT3_API_KEY, which is proportionate to authenticating to a third-party hub. There are no unrelated secrets requested. Note that that single key likely grants broad hub privileges (search/invoke/register), so its scope matters — use a least-privilege key if possible.
Persistence & Privilege
always is false (good). Model invocation is permitted (default), so the agent could autonomously call the hub and invoke registered resources. Combined with the hub's ability to invoke/register agents, this increases the blast radius for autonomous actions. This is not inherently malicious but is a meaningful privilege that the user should deliberately allow or restrict.
What to consider before installing
Plain-language actions and questions before installing:
- Understand what you're trusting: this skill connects your agent to a third-party MCP endpoint (hub.agent3.me). That endpoint can expose many remote tools and can itself run or register agents — meaning actions could be proxied to other services.
- Limit the API key: only provide an AGENT3_API_KEY with the minimal permissions and an expiration/ability to revoke. Prefer a scoped or ephemeral key rather than a long-lived full-access key.
- Verify the hub: the registry metadata lacks a homepage/source. Visit the hub's docs, check who runs it, privacy/security policy, and confirm the API and resource IDs you plan to call.
- Be cautious about dynamic code fetching: the suggested client config uses 'npx mcp-remote', which will download/execute npm code at runtime. Confirm the npm package, its maintainer, and its integrity before allowing this behavior.
- Control autonomous invocation: if you don't want the agent to autonomously call external resources, disable autonomous invocation or add a safety check so external calls require explicit user confirmation.
- Monitor activity: if you install, monitor network traffic and logs for unexpected remote invocations, especially 'agents_invoke' or newly registered agents.
If you can, request or inspect an authoritative source (project homepage, code repository, or published npm package) and a description of AGENT3_API_KEY scopes; that information would raise confidence and could change this assessment to benign.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.0
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
EnvAGENT3_API_KEY
SKILL.md
Agent3 Hub
Agent3 Hub is an open registry for AI agents, MCP servers, and APIs. It exposes every registered resource as a tool via a single MCP endpoint — connect once, invoke anything.
Endpoint: https://hub.agent3.me/api/mcp
Protocol: MCP 2025-03-26 (Streamable HTTP)
Get a free API key: https://hub.agent3.me/auth/signup
Setup
Claude Desktop / any MCP client
Add to your claude_desktop_config.json:
{
"mcpServers": {
"agent3": {
"command": "npx",
"args": ["-y", "mcp-remote", "https://hub.agent3.me/api/mcp"],
"env": {
"AGENT3_API_KEY": "a2a_your_key_here"
}
}
}
}
Direct HTTP (curl)
curl -X POST https://hub.agent3.me/api/mcp \
-H "Authorization: Bearer $AGENT3_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call",
"params": {
"name": "resources_search",
"arguments": { "query": "telegram search" }
}
}'
Anthropic SDK (Python)
import anthropic
client = anthropic.Anthropic()
response = client.beta.messages.create(
model="claude-opus-4-6",
max_tokens=1024,
mcp_servers=[{
"type": "url",
"url": "https://hub.agent3.me/api/mcp",
"headers": {"Authorization": "Bearer a2a_your_key_here"}
}],
messages=[{"role": "user", "content": "Search Telegram for 'AI agents 2026'"}]
)
Available Tools
| Tool | Description | Auth |
|---|---|---|
resources_search | Search the registry by keyword or semantic query | Required |
resources_invoke | Invoke any registered resource by ID + operation | Required |
resources_get | Get full details of a resource by ID | Required |
resources_resolve | Resolve a resource endpoint URL | Required |
resources_stats | Get usage stats for a resource | Required |
agents_search | Text search across registered agents | Required |
agents_semantic_search | Semantic/vector search across agents | Required |
agents_get | Get agent details by ID | Required |
agents_invoke | Invoke an A2A agent directly | Required |
agents_register | Register a new agent in the hub | Required |
tools/list | List all available tools | Public |
resources/list | List all resources | Public |
initialize | Server info and capabilities | Public |
Example: Search Telegram Content
curl -X POST https://hub.agent3.me/api/mcp \
-H "Authorization: Bearer $AGENT3_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"jsonrpc": "2.0",
"id": 1,
"method": "tools/call",
"params": {
"name": "resources_invoke",
"arguments": {
"resourceId": "a23cc5a9-0bfb-4466-acbe-fbc9af723ba4",
"operationId": "search-content",
"input": { "query": "AI news" }
}
}
}'
Example: Search Google
curl -X POST https://hub.agent3.me/api/mcp \
-H "Authorization: Bearer $AGENT3_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"jsonrpc": "2.0",
"id": 2,
"method": "tools/call",
"params": {
"name": "resources_invoke",
"arguments": {
"resourceId": "a5a14786-6738-47e2-a8e7-982ca4a90735",
"operationId": "search",
"input": { "query": "MCP protocol 2026" }
}
}
}'
Rate Limits (Free Tier)
| Category | Daily Limit |
|---|---|
| Telegram search | 20 calls/day |
| Google search | 20 calls/day |
| X/Twitter search | 20 calls/day |
| Registry search & get | Unlimited |
Limits reset at midnight UTC. Upgrade available at hub.agent3.me.
Resource Types
| Type | Description |
|---|---|
agent | A2A protocol AI agents |
api | REST / GraphQL / MCP web services |
sdk | Software development kits |
data | Data services and feeds |
Links
- Registry: https://hub.agent3.me
- Docs: https://hub.agent3.me/docs
- Get API key: https://hub.agent3.me/auth/signup
- MCP endpoint: https://hub.agent3.me/api/mcp
Files
1 totalSelect a file
Select a file to preview.
Comments
Loading comments…