ClawHub

MCP Config

v0.1.2

MCP server configuration and diagnostics. add - add server (scope selection + registration) [add.md], move - change server scope (project→local, local→user)...

0· 91·0 current·0 all-time
byes6kr@drumrobot
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match content: the files only describe how to add/move/list/diagnose MCP servers and reference agent-specific config files and CLI commands (claude mcp). There are no unrelated credentials, binaries, or installs required.
Instruction Scope
Instructions legitimately reference reading agent config files (~/.claude.json, .mcp.json, plugin cache, debug logs) and running CLI commands (claude mcp, npx, uvx) for diagnostics and validation — this is coherent with server configuration/diagnostics. Note: the docs include examples that run third‑party packages (npx @.../mcp) and explicit shell commands (ls, cat); those will execute remote code if the user runs them, so exercise the usual caution before running npx/uvx commands from untrusted packages.
Install Mechanism
Instruction-only skill with no install spec and no downloaded artifacts; nothing is written to disk by the skill itself.
Credentials
The skill declares no required env vars or credentials. Examples show API_KEY or DATABASE_URI as typical server config entries; those are illustrative and reasonable for MCP servers, and the docs explicitly warn not to commit secrets to project scope.
Persistence & Privilege
always is false and the skill does not request persistent/system-wide privileges or modify other skills; autonomous invocation is allowed (platform default) but not combined with other red flags.
Assessment
This is a documentation-only skill that tells you how to use the claude mcp CLI, where MCP configs live, and how to debug connections. It will tell you to read files in your home directory and to run shell commands (ls, cat, claude mcp list/get/remove/add) — those are expected for diagnostics. Before following the examples, verify any third‑party npm/uvx packages (e.g., @utcp/code-mode-mcp, @upstash/context7-mcp, @anthropics/mcp-playwright, postgres-mcp) because running npx/uvx will execute code downloaded from package registries. Never commit secrets (API_KEY, DATABASE_URI) into project-scoped .mcp.json; prefer local/user scopes for sensitive values. If you need higher assurance, inspect the referenced packages/repos and backup your config files before making changes.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ergajtdm08b6y0e56a6k0pd84wvcv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments