github-mpc

v1.0.1

Verifies and configures required MCP servers (Atlassian and GitHub) to enable Product Guide Writer integrations and guides setup if missing.

⭐ 0· 1.5k·0 current·0 all-time

byEngineering Manager @ Trading 212@tsvetelin-kulinski

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tsvetelin-kulinski/github-mpc.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "github-mpc" (tsvetelin-kulinski/github-mpc) from ClawHub.
Skill page: https://clawhub.ai/tsvetelin-kulinski/github-mpc
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install github-mpc

ClawHub CLI

Package manager switcher

npx clawhub@latest install github-mpc

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The SKILL.md focuses on verifying/configuring multiple MCP servers (Atlassian, GitHub, optional Figma/Elasticsearch) which is coherent with an MCP prerequisites skill, but the package name 'github-mpc' and missing top-level description are misleading: the content is multi-service (Atlassian-heavy) rather than only GitHub. No declared metadata (required env/config) matches the sensitive operations the instructions recommend.

Instruction Scope

The instructions explicitly tell the agent/user to inspect a user-specific config directory (/Users/{username}/.cursor/projects/{workspace}/mcps/), call CallMcpTool operations, and guide users to create/set credentials (GITHUB_TOKEN, Figma token, Elasticsearch access). Reading per-user config and prompting/using tokens is within the task but is sensitive and not declared in the skill metadata. The SKILL.md also references a specific organization (trading212.atlassian.net), which ties the instructions to a particular workspace and could expose org-specific data if run or automated.

ℹ

Install Mechanism

There is no install spec (instruction-only), which reduces direct installation risk. However the config examples recommend using npx ("npx -y @modelcontextprotocol/server-github") which will download and execute npm package code at runtime — the skill does not provide or vet that package. That recommended install step is a potential supply-chain risk if followed by the user/agent.

Credentials

The SKILL.md asks for sensitive credentials (GitHub PAT with repo & read:org scopes, Figma token, Elasticsearch credentials) but the skill metadata lists no required environment variables or primary credential. The requested credentials are plausible for the stated tasks, but the absence of declared env requirements is an inconsistency and the instructions encourage creating/exporting long-lived tokens and running remote installs without guidance on scoping/minimizing permissions.

✓

Persistence & Privilege

The skill does not request persistent presence (always: false) nor attempt to modify other skills or system-wide settings in the instructions. It only guides user-level configuration changes to MCP server entries.

What to consider before installing

This skill mainly guides MCP configuration and is not obviously malicious, but it does ask you to read local Cursor config directories and to create/use sensitive tokens (GitHub PAT, Figma token, Elasticsearch credentials). Before installing or following its steps: - Confirm the skill's provenance (unknown owner). Prefer official/internal docs or verified packages for your organization. - Do not run recommended npx commands (e.g., "npx -y @modelcontextprotocol/server-github") without auditing the npm package. Consider installing from an approved release or inspecting the package source first. - Use least-privilege tokens: create PATs with minimal scopes, prefer short-lived tokens or org-approved app installations instead of user PATs when possible. - Review the referenced config path (~/.cursor/...) and back up any sensitive files before allowing the agent to inspect them. Consider performing checks on an isolated machine/account if you have sensitive workspace access (e.g., trading212). - If you need automated checks, restrict the agent's actions (do not allow autonomous invocation) until you can validate the skill and its external dependencies. If you want, I can: list specific places in SKILL.md that read local files or ask for tokens, suggest safer alternatives (OAuth app vs PAT), or check the npm package mentioned for known issues.

Like a lobster shell, security has layers — review code before you run it.

latestvk979pyk12v8fa6ezgvwc79hvjx80ggkx

1.5kdownloads

0stars

1versions

Updated 18h ago

v1.0.1

MIT-0

MCP Prerequisites Setup

A skill for verifying and configuring the required MCP (Model Context Protocol) servers for the Product Guide Writer workflow.

Overview

The Product Guide Writer relies on several MCP servers to provide external integrations. This skill helps verify that required MCPs are configured and guides users through setup if needed.

When to Use

Use this skill when:

Starting the Product Guide Writer for the first time
Encountering MCP-related errors during documentation workflow
Setting up a new development environment
Troubleshooting Confluence/GitHub integration issues

Required MCP Servers

MCP Server	Purpose	Required	Features Used
user-atlassian	Confluence search/publish, Jira integration	Yes	searchConfluenceUsingCql, createConfluencePage, getConfluenceSpaces
user-github	Repository search, code exploration	Yes	search_repositories, search_code, get_file_contents
user-Figma	Design mockup retrieval	Optional	get_file, get_images
user-elasticsearch-mcp	Log analysis for request flow verification	Optional	search, get

Step 1: Verify MCP Status

1.1: Check Enabled MCP Servers

The agent should verify MCP availability by checking the MCP configuration folder:

/Users/{username}/.cursor/projects/{workspace}/mcps/

Look for these directories:

user-atlassian/ - Atlassian MCP (required)
user-github/ - GitHub MCP (required)
user-Figma/ - Figma MCP (optional)
user-elasticsearch-mcp/ - Elasticsearch MCP (optional)

1.2: Test Atlassian MCP Connection

Use the getAccessibleAtlassianResources tool to verify Atlassian authentication:

Tool: CallMcpTool
Server: user-atlassian
ToolName: getAccessibleAtlassianResources
Arguments: {}

Expected Response: List of accessible Atlassian Cloud instances including Trading212.

If Error: Guide user through authentication (see Step 2).

1.3: Verify GT Space Access

Confirm access to the Product Documentation space:

Tool: CallMcpTool
Server: user-atlassian
ToolName: getConfluenceSpaces
Arguments:
  cloudId: "trading212.atlassian.net"
  keys: ["GT"]

Expected Response: Space details for GT (Product Documentation space).

If Error: User may need additional Confluence permissions.

Step 2: MCP Configuration Guide

If any required MCP is missing or misconfigured, guide the user:

2.1: Atlassian MCP Setup

If user-atlassian is not configured:

Open Cursor Settings:
- Press Cmd/Ctrl + , to open settings
- Navigate to "MCP Servers" or "Extensions"
Add Atlassian MCP:
- Search for "Atlassian" in the MCP marketplace
- Install the official Atlassian MCP server
- Or add manually to mcp.json (official Atlassian remote MCP):
```
{
  "atlassian-mcp": {
    "url": "https://mcp.atlassian.com/v1/mcp"
  }
}
```
Authenticate:
- When prompted, authorize access to your Atlassian account
- Grant access to the Trading212 workspace
- Ensure you have access to the GT Confluence space
Verify Installation:
- Restart Cursor
- Run the verification check in Step 1.2

2.2: GitHub MCP Setup

If user-github is not configured:

Install GitHub MCP:

Usually pre-installed with Cursor
If missing, add to mcp_servers.json:

{
  "github": {
    "command": "npx",
    "args": ["-y", "@modelcontextprotocol/server-github"],
    "env": {
      "GITHUB_TOKEN": "${GITHUB_TOKEN}"
    }
  }
}

Configure GitHub Token:
- Create a Personal Access Token at github.com/settings/tokens
- Grant repo and read:org scopes
- Set as environment variable: export GITHUB_TOKEN=your_token
Verify Access:
- Test with a simple repository search
- Ensure access to Trading212 organization

2.3: Optional MCPs

Figma MCP (for UI documentation):

Install: @anthropic/mcp-server-figma
Requires Figma access token
Useful for documenting user-facing features

Elasticsearch MCP (for log verification):

Install: @anthropic/mcp-server-elasticsearch
Requires Elasticsearch cluster access
Used in Phase 4 verification

Step 3: Configuration Validation

After setup, run a full validation:

3.1: Validation Checklist

## MCP Configuration Status

### Required MCPs
- [ ] user-atlassian: Connected to trading212.atlassian.net
- [ ] user-github: Connected to Trading212 organization

### Optional MCPs
- [ ] user-Figma: {Connected / Not configured}
- [ ] user-elasticsearch-mcp: {Connected / Not configured}

### Confluence Access
- [ ] GT Space accessible: trading212.atlassian.net/wiki/spaces/gt
- [ ] Can search pages: searchConfluenceUsingCql works
- [ ] Can create pages: createConfluencePage permission confirmed

### GitHub Access
- [ ] Can search repositories: search_repositories works
- [ ] Can search code: search_code works
- [ ] Trading212 org accessible

3.2: Test Search

Perform a test search to confirm full functionality:

Tool: CallMcpTool
Server: user-atlassian
ToolName: searchConfluenceUsingCql
Arguments:
  cloudId: "trading212.atlassian.net"
  cql: "space = GT AND type = page"
  limit: 5

If this returns results, Atlassian MCP is fully configured.

Troubleshooting

Issue	Cause	Solution
"MCP server not found"	MCP not installed	Follow Step 2 setup guide
"Authentication failed"	Token expired/invalid	Re-authenticate in Cursor settings
"Permission denied" for GT space	Confluence permissions	Request access from Confluence admin
"Rate limited"	Too many API calls	Wait and retry, or use caching
"Cloud ID not found"	Wrong Atlassian instance	Use `getAccessibleAtlassianResources` to find correct ID

Quick Reference

Atlassian Cloud ID

trading212.atlassian.net

GT Space Details

Space Key: GT
Space Name: Product Documentation
URL: https://trading212.atlassian.net/wiki/spaces/gt

Useful CQL Queries

Find all product guides:

space = GT AND type = page AND title ~ "Product Guide"

Find guides for specific OTT:

space = GT AND type = page AND text ~ "{ott-name}"

Find recently updated pages:

space = GT AND type = page AND lastmodified >= now("-30d")

Integration with Product Guide Writer

Once MCPs are configured, the Product Guide Writer will:

Phase 1: Use Atlassian MCP to search for existing documentation
Phase 4: Use Atlassian MCP to populate Related Pages and optionally publish
Throughout: Use GitHub MCP for repository discovery and code search

See product-guide-writer/SKILL.md for the full workflow.

Comments

Loading comments...