Claude Code Agent

v0.2.0

Integrates MCP tool servers for orchestration, state persistence with IndexedDB/localStorage, and session sync across devices in OpenClaw/Clawdbot.

⭐ 0· 2.9k·7 current·7 all-time

by@enderfga

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The code, README and SKILL.md consistently implement an MCP (Model Context Protocol) client/orchestration library (server lifecycle, tool calls, state persistence). That aligns with the implied purpose. However, the implementation intentionally launches arbitrary commands (e.g., via npx to start MCP servers) and allows configuring servers that can access the filesystem or external services — capabilities that are powerful and therefore require caution.

Instruction Scope

Runtime instructions and examples instruct the agent/user to start MCP servers (often via npx -y), read/write mcp_config.json, call tools like read_file, and set an arbitrary config path. The SKILL.md and examples show using filesystem and GitHub servers. Those instructions let the skill (or processes it spawns) access arbitrary filesystem paths, network services, and user-provided tokens; the instructions do not place limits on which paths or env values are safe to use.

ℹ

Install Mechanism

No install spec in metadata, but SKILL.md and README recommend installing the npm package. The package.json lists reasonable dependencies (@modelcontextprotocol/sdk, zod, zustand, idb-keyval). The higher-risk behavior is runtime: examples and config use npx to pull and run server packages on demand (npx will fetch code from npm), which is expected for an orchestrator but increases runtime risk because remote packages are executed dynamically.

Credentials

createClient builds the child process environment by copying the entire process.env and then merging config.env. That means every environment variable available to the host process will be exported to spawned MCP servers (including secrets). The skill declares no required env vars, but it nevertheless accesses and forwards all env variables — this is disproportionate and can lead to secret exposure unless the runtime environment is carefully sanitized.

ℹ

Persistence & Privilege

The skill reads and writes a local mcp_config.json (defaulting to process.cwd()) and exposes setConfigPath to point elsewhere. It persists session state to IndexedDB/localStorage in client contexts. Writing config files and managing server processes is coherent with its purpose, but combined with the ability to spawn arbitrary commands and set arbitrary config paths it increases the surface for accidental or intentional misuse.

What to consider before installing

What to consider before installing or enabling this skill: - This package is an MCP orchestrator and will (on demand) spawn subprocesses to run MCP servers (examples use `npx -y ...`). That means it can download and execute code from npm at runtime — treat that like running arbitrary code. - The code forwards the entire process environment (process.env) to any spawned server. Do not run this skill in a process that already has sensitive secrets (AWS keys, GitHub tokens, Slack tokens, etc.) in environment variables unless you explicitly trust the child servers and have audited their behavior. - The skill reads and writes mcp_config.json in the current working directory by default and lets you set arbitrary config paths. Ensure those paths are safe and that the agent cannot be tricked into overwriting important system files. - The skill examples include launching filesystem and GitHub servers and calling tools like read_file — these will access local files and remote services if configured. Only configure servers with tokens or access scopes that you trust, and prefer least privilege tokens. - Mitigations: run the skill in an isolated environment (container or dedicated VM), sanitize environment variables before use (or modify createClient to restrict which env vars are forwarded), avoid running with high-privilege credentials in the process environment, and review the exact server packages you will launch with npx (or install them from vetted sources beforehand). Confidence notes: I marked this as suspicious (medium confidence) because the code is coherent with its stated purpose but includes behaviors (full env forwarding + dynamic npx execution + writing configs) that materially increase risk and are not explicitly called out as requiring careful handling in SKILL.md. If you can confirm the package is from a trusted, actively maintained repository and you will only launch vetted server packages with sanitized env/config, the practical risk is reduced.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e616z3zhyt0x4670cdprka980b442

2.9kdownloads

0stars

2versions

Updated 11h ago

v0.2.0

MIT-0

OpenClaw Claude Code Skill

Description

MCP (Model Context Protocol) integration for OpenClaw/Clawdbot. Use when you need to:

Connect and orchestrate MCP tool servers (filesystem, GitHub, etc.)
Persist state across sessions with IndexedDB/localStorage
Sync sessions across multiple devices

Triggers: "MCP", "tool server", "sub-agent orchestration", "session sync", "state persistence", "Claude Code integration"

Installation

npm install openclaw-claude-code-skill

Core APIs

MCP Server Management

import { 
  initializeMcpSystem, 
  addMcpServer, 
  executeMcpAction, 
  getAllTools 
} from "openclaw-claude-code-skill";

// 1. Initialize all configured servers
await initializeMcpSystem();

// 2. Add a new MCP server
await addMcpServer("fs", {
  command: "npx",
  args: ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"]
});

// 3. Get available tools
const tools = await getAllTools();

// 4. Call a tool
const result = await executeMcpAction("fs", {
  method: "tools/call",
  params: { name: "read_file", arguments: { path: "/tmp/test.txt" } }
});

State Persistence

import { createPersistStore, indexedDBStorage } from "openclaw-claude-code-skill";

const useStore = createPersistStore(
  { count: 0, items: [] },
  (set, get) => ({
    increment: () => set({ count: get().count + 1 }),
    addItem: (item: string) => set({ items: [...get().items, item] })
  }),
  { name: "my-store" },
  indexedDBStorage  // or omit for localStorage
);

// Check hydration status
if (useStore.getState()._hasHydrated) {
  console.log("State restored!");
}

Session Synchronization

import { mergeSessions, mergeWithUpdate, mergeKeyValueStore } from "openclaw-claude-code-skill";

// Merge chat sessions from multiple sources
const mergedSessions = mergeSessions(localSessions, remoteSessions);

// Merge configs with timestamp-based resolution
const mergedConfig = mergeWithUpdate(localConfig, remoteConfig);

Key Functions

Function	Purpose
`initializeMcpSystem()`	Start all MCP servers from config
`addMcpServer(id, config)`	Add new server dynamically
`removeMcpServer(id)`	Remove a server
`pauseMcpServer(id)`	Pause a server
`resumeMcpServer(id)`	Resume a paused server
`executeMcpAction(id, req)`	Call a tool on specific server
`getAllTools()`	List all available tools
`getClientsStatus()`	Get status of all MCP clients
`setConfigPath(path)`	Set custom config file location
`createPersistStore()`	Create Zustand store with persistence
`mergeSessions()`	Merge session arrays
`mergeWithUpdate()`	Merge with timestamp resolution
`mergeKeyValueStore()`	Merge key-value stores

Configuration

Create mcp_config.json:

{
  "mcpServers": {
    "filesystem": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"],
      "status": "active"
    },
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": { "GITHUB_TOKEN": "your-token" },
      "status": "active"
    }
  }
}

Set custom config path:

import { setConfigPath } from "openclaw-claude-code-skill";
setConfigPath("/path/to/mcp_config.json");

Requirements

Node.js 18+
TypeScript (optional but recommended)

Comments

Loading comments...