ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

mcp-server-discovery-p

v1.0.0

Discover, search, and manage MCP (Model Context Protocol) servers with comprehensive capabilities. Efficiently locate servers, retrieve detailed information,...

0· 58·0 current·0 all-time
by@subaru0573

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for subaru0573/mcp-server-discovery-p.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "mcp-server-discovery-p" (subaru0573/mcp-server-discovery-p) from ClawHub.
Skill page: https://clawhub.ai/subaru0573/mcp-server-discovery-p
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install mcp-server-discovery-p

ClawHub CLI

Package manager switcher

npx clawhub@latest install mcp-server-discovery-p
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (MCP server discovery) aligns with the included script and files: the script lists known servers, queries registries, and generates npx-based client configs. However, the skill emits npx install commands (i.e., it expects npm/npx to be used) but declares no required binaries. The README and references note that some servers (e.g., GitHub) require credentials (GITHUB_TOKEN), yet the skill metadata does not declare any required environment variables.
Instruction Scope
SKILL.md only tells the agent/user to run scripts that list/search/info/config. The contained script performs network requests (fetching raw GitHub README and a GitHub search API URL) and prints/generates JSON. The instructions are scoped to server discovery/config generation and do not instruct the agent to read arbitrary local files or exfiltrate secrets, but they do produce npx commands that—if executed by the user—will run remote npm packages (which can execute arbitrary code).
Install Mechanism
There is no install spec (instruction-only), which minimizes direct install risk. The included Python script will perform outbound HTTP(S) requests when run; those network fetches are from GitHub/RawGitHub and GitHub API (expected for a registry lookup). No downloads of arbitrary archives or obscure hosts are present.
Credentials
The skill declares no required env vars, which is consistent with the script. However, reference docs indicate some MCP servers (notably the GitHub integration) require a GITHUB_TOKEN. The skill can generate configurations that include env entries (e.g., API_KEY) for servers; users must supply those secrets manually. The omission of declared required binaries (npx/node) and absent mention of potential need for tokens is an inconsistency the user should be aware of.
Persistence & Privilege
The skill does not request elevated persistence or 'always' inclusion; it is user-invocable and does not modify other skills or system-wide agent settings. No credential storage or privileged behaviors are present in the code.
What to consider before installing
This skill appears to do what it says (discover MCP servers and generate client configs), but pay attention to these points before running or following its output: - Network activity: Running scripts will fetch from raw GitHub URLs and the GitHub API. Inspect those URLs if you care about source/trust. - npx usage: Generated configs and the KNOWN_SERVERS entries use 'npx -y @modelcontextprotocol/server-...'. Running those commands will download and execute npm packages from the registry — that can run arbitrary code. Only run them after verifying the package authors and repository contents. - Missing binary declaration: The skill does not declare required binaries. You will need node/npm/npx installed to use the generated install commands; the skill metadata doesn't warn about that. - Credentials: The registry docs mention services that require tokens (e.g., GITHUB_TOKEN). The skill doesn't request or manage those credentials; you must supply them to servers you install. Be careful not to place secrets in configs you didn't audit. - Scope of access: Some server types (filesystem, database) imply access to local files or databases once installed. Treat those servers as high-privilege components and only install/trust ones you have audited. Suggested actions: run the Python script in a network-isolated environment first, inspect the generated config and the exact npx packages before executing them, and prefer to clone and review the referenced server repositories on GitHub rather than blindly running npx -y.

Like a lobster shell, security has layers — review code before you run it.

latestvk976kab7t70h3xswy0ajxfmd9185f911
58downloads
0stars
1versions
Updated 3d ago
v1.0.0
MIT-0
@subaru0573
latest
Download

MCP Server Discovery

This skill helps you discover and manage MCP (Model Context Protocol) servers.

What is MCP?

Model Context Protocol (MCP) is an open standard that enables AI systems to connect with external data sources and tools. It provides a standardized way for AI assistants to access files, databases, APIs, and other resources.

Available Commands

Use the scripts/mcp_discover.py script for all MCP operations:

List Available Servers

python3 scripts/mcp_discover.py list

Filter by category:

python3 scripts/mcp_discover.py list --category database

Categories: filesystem, dev, database, web, search, memory

Search for Servers

python3 scripts/mcp_discover.py search --query "database"

Get Server Details

python3 scripts/mcp_discover.py info --name postgres

Generate MCP Client Configuration

python3 scripts/mcp_discover.py config --servers "filesystem,github,memory"

Common Workflows

Setting up a new MCP client

  1. List available servers to see options
  2. Select the servers you need
  3. Generate configuration with those servers
  4. Save the output to your MCP client's config file

Finding the right server

  1. Use search with keywords related to your need
  2. Use info to get detailed information about a specific server
  3. Check the install command and URL for setup instructions

Server Categories

  • filesystem: File system access and management
  • dev: Development tools and integrations (GitHub, etc.)
  • database: Database connections (PostgreSQL, SQLite)
  • web: Web scraping and content fetching
  • search: Search engine integrations
  • memory: Persistent memory and knowledge graph

JSON Output

All commands support --json flag for programmatic use:

python3 scripts/mcp_discover.py list --json

Comments

Loading comments...