Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
mcp-adapter
v0.1.0Use Model Context Protocol servers to access external tools and data sources. Enable AI agents to discover and execute tools from configured MCP servers (legal databases, APIs, database connectors, weather services, etc.).
⭐ 4· 4.5k·20 current·20 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (MCP adapter) matches the implementation: it discovers tools via MCP servers and calls them. The code implements a client, tool registration, and a streamable HTTP transport. No unrelated credentials, binaries, or platform-level accesses are requested.
Instruction Scope
SKILL.md instructs the agent to list and call MCP tools (action=list, action=call) and to validate input schemas before calls — this stays within the declared purpose. The docs reference storing API keys and editing OpenClaw config; the plugin reads configuration from the platform API (api.config) rather than scanning arbitrary system files. However, the agent will forward whatever arguments you provide to remote MCP servers, so the instructions implicitly permit transmitting user or agent context to external services.
Install Mechanism
No explicit install spec is provided (instruction-only), but the package includes executable plugin source (src/) and test files. This is not necessarily malicious — many platform plugins are delivered as code without separate install steps — but it is an inconsistency to be aware of. There are no remote-download installs or unusual package hosts.
Credentials
The skill declares no required environment variables or credentials, which is consistent with the code. Documentation and configuration examples, however, discuss using environment variables / API keys for MCP services; these are optional and supplied via the platform's config/env mechanisms, which is reasonable. Because the plugin can be configured to contact arbitrary URLs and can pass env values (for stdio transports), it has the capability to transmit secrets if misconfigured — so environment access should be managed via OpenClaw config controls.
Persistence & Privilege
The skill does not request always:true and uses normal model-invocation defaults. It registers a service and a tool that will start and connect to configured servers on plugin start; this is expected behavior for a connector plugin. Nothing in the code attempts to modify other plugins' configs or system-wide settings.
Assessment
This plugin appears to implement exactly what it claims: a connector for Model Context Protocol servers. Before installing, consider: 1) Only configure it with MCP servers you trust — the plugin will send whatever arguments and data the agent provides to those servers (possible data leakage). 2) Prefer HTTPS endpoints in production and avoid pointing it at internal-only endpoints unless you intend that exposure. 3) Don't commit API keys into repo-config files; use the platform's secure env or secret storage. 4) Use OpenClaw's per-agent allowlist/denylist to limit which agents can use the 'mcp' tool. 5) Note the package includes source code (src/) even though no separate install spec is present — review the source (especially http-transport.js) if you want to audit behavior. If you need higher assurance, run the included tests using a local test server and review network traffic to verify only expected calls occur.Like a lobster shell, security has layers — review code before you run it.
latestvk97aqg93dneamexvnsv5qy2gm180d7ax
License
MIT-0
Free to use, modify, and redistribute. No attribution required.