Install
openclaw skills install mcp-server-plusMCP Server Plus
Enhanced MCP server creation with templates, security best practices, deployment guides, and monitoring. Supports multiple transport types (stdio, SSE, WebSocket) and deployment platforms.
MCP Server Plus
Enhanced MCP server creation with templates, security, deployment, and monitoring.
Features
- Server Templates: Ready-to-use templates for common use cases
- Security Best Practices: Authentication, rate limiting, input validation
- Deployment Guides: Multiple platforms (Docker, Vercel, AWS)
- Monitoring: Health checks, logging, metrics
- Transport Options: stdio, SSE, WebSocket
Quick Reference
| Use Case | Template | Transport |
|---|---|---|
| API wrapper | api-wrapper | SSE |
| Database access | database | stdio |
| File system | filesystem | stdio |
| Real-time | websocket | WebSocket |
Server Templates
API Wrapper Server
import { Server } from "@modelcontextprotocol/sdk/server/index.js";
import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
const server = new Server(
{
name: "api-wrapper",
version: "1.0.0",
},
{
capabilities: {
tools: {},
},
}
);
// Define tools
server.setRequestHandler("tools/list", async () => ({
tools: [
{
name: "fetch_data",
description: "Fetch data from external API",
inputSchema: {
type: "object",
properties: {
endpoint: { type: "string" },
params: { type: "object" },
},
required: ["endpoint"],
},
},
],
}));
// Handle tool calls
server.setRequestHandler("tools/call", async (request) => {
const { name, arguments: args } = request.params;
if (name === "fetch_data") {
const response = await fetch(args.endpoint, {
method: "GET",
headers: {
"Authorization": `Bearer ${process.env.API_KEY}`,
},
});
const data = await response.json();
return {
content: [
{
type: "text",
text: JSON.stringify(data, null, 2),
},
],
};
}
});
// Start server
const transport = new StdioServerTransport();
await server.connect(transport);
Database Server
import { Server } from "@modelcontextprotocol/sdk/server/index.js";
import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
import { Pool } from "pg";
const pool = new Pool({
connectionString: process.env.DATABASE_URL,
});
const server = new Server(
{
name: "database",
version: "1.0.0",
},
{
capabilities: {
tools: {},
},
}
);
server.setRequestHandler("tools/list", async () => ({
tools: [
{
name: "query",
description: "Execute SQL query",
inputSchema: {
type: "object",
properties: {
sql: { type: "string" },
params: { type: "array" },
},
required: ["sql"],
},
},
],
}));
server.setRequestHandler("tools/call", async (request) => {
const { name, arguments: args } = request.params;
if (name === "query") {
const result = await pool.query(args.sql, args.params);
return {
content: [
{
type: "text",
text: JSON.stringify({
rows: result.rows,
rowCount: result.rowCount,
}, null, 2),
},
],
};
}
});
const transport = new StdioServerTransport();
await server.connect(transport);
File System Server
import { Server } from "@modelcontextprotocol/sdk/server/index.js";
import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
import * as fs from "fs/promises";
import * as path from "path";
const server = new Server(
{
name: "filesystem",
version: "1.0.0",
},
{
capabilities: {
tools: {},
},
}
);
server.setRequestHandler("tools/list", async () => ({
tools: [
{
name: "read_file",
description: "Read file contents",
inputSchema: {
type: "object",
properties: {
path: { type: "string" },
},
required: ["path"],
},
},
{
name: "write_file",
description: "Write to file",
inputSchema: {
type: "object",
properties: {
path: { type: "string" },
content: { type: "string" },
},
required: ["path", "content"],
},
},
],
}));
server.setRequestHandler("tools/call", async (request) => {
const { name, arguments: args } = request.params;
if (name === "read_file") {
const content = await fs.readFile(args.path, "utf-8");
return {
content: [
{
type: "text",
text: content,
},
],
};
}
if (name === "write_file") {
await fs.writeFile(args.path, args.content);
return {
content: [
{
type: "text",
text: `File written successfully: ${args.path}`,
},
],
};
}
});
const transport = new StdioServerTransport();
await server.connect(transport);
Security Best Practices
Authentication
// API key validation
const validateApiKey = (req) => {
const apiKey = req.headers["x-api-key"];
if (apiKey !== process.env.API_KEY) {
throw new Error("Invalid API key");
}
};
// OAuth2 validation
const validateOAuth = async (req) => {
const token = req.headers.authorization?.split(" ")[1];
if (!token) {
throw new Error("Missing authorization token");
}
const user = await verifyToken(token);
return user;
};
Rate Limiting
import rateLimit from "express-rate-limit";
const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 100, // limit each IP to 100 requests per windowMs
message: "Too many requests",
});
app.use(limiter);
Input Validation
import { z } from "zod";
const ToolInputSchema = z.object({
endpoint: z.string().url(),
params: z.object({}).optional(),
});
const validateInput = (input) => {
return ToolInputSchema.parse(input);
};
Environment Variables
# Required
API_KEY=your-api-key
DATABASE_URL=postgresql://user:pass@host/db
# Optional
PORT=3000
LOG_LEVEL=info
RATE_LIMIT=100
Deployment Guides
Docker
FROM node:18-alpine
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
COPY . .
EXPOSE 3000
CMD ["node", "server.js"]
# docker-compose.yml
version: "3.8"
services:
mcp-server:
build: .
ports:
- "3000:3000"
environment:
- API_KEY=${API_KEY}
- DATABASE_URL=${DATABASE_URL}
restart: unless-stopped
Vercel
{
"version": 2,
"builds": [
{
"src": "server.js",
"use": "@vercel/node"
}
],
"routes": [
{
"src": "/(.*)",
"dest": "server.js"
}
]
}
AWS Lambda
// handler.js
const { Server } = require("@modelcontextprotocol/sdk/server/index.js");
const { SSEServerTransport } = require("@modelcontextprotocol/sdk/server/sse.js");
exports.handler = async (event, context) => {
const server = new Server(/* ... */);
const transport = new SSEServerTransport("/messages", res);
await server.connect(transport);
return {
statusCode: 200,
body: JSON.stringify({ status: "connected" }),
};
};
Monitoring
Health Checks
app.get("/health", (req, res) => {
res.json({
status: "healthy",
uptime: process.uptime(),
timestamp: new Date().toISOString(),
});
});
Logging
import winston from "winston";
const logger = winston.createLogger({
level: process.env.LOG_LEVEL || "info",
format: winston.format.combine(
winston.format.timestamp(),
winston.format.json()
),
transports: [
new winston.transports.Console(),
new winston.transports.File({ filename: "error.log", level: "error" }),
new winston.transports.File({ filename: "combined.log" }),
],
});
Metrics
import { Counter, Histogram } from "prom-client";
const requestCounter = new Counter({
name: "mcp_requests_total",
help: "Total number of MCP requests",
labelNames: ["method", "status"],
});
const requestDuration = new Histogram({
name: "mcp_request_duration_seconds",
help: "Duration of MCP requests in seconds",
labelNames: ["method"],
});
Transport Options
stdio
- Best for local communication
- Simple setup
- Low latency
SSE (Server-Sent Events)
- Best for web applications
- HTTP-based
- Easy to proxy
WebSocket
- Best for real-time communication
- Bidirectional
- Persistent connection
Best Practices
- Use TypeScript - Type safety and better tooling
- Validate inputs - Always validate tool inputs
- Handle errors - Return meaningful error messages
- Log operations - Track tool usage and errors
- Rate limit - Prevent abuse
- Use environment variables - Never hardcode secrets
- Health checks - Monitor server status
- Documentation - Document tools and usage
Common Issues
| Issue | Solution |
|---|---|
| Connection refused | Check server is running |
| Authentication failed | Verify API key |
| Timeout | Increase timeout or check network |
| Rate limited | Implement rate limiting |
| Memory leak | Monitor and restart periodically |