Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Store Mcp Connect

v0.2.0

Connect an AI agent to a Mobazha store via MCP (Model Context Protocol). Use when the user wants their agent to directly manage store products, orders, and s...


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for fengzie/mobazha-store-mcp-connect.

Install the skill "Store Mcp Connect" (fengzie/mobazha-store-mcp-connect) from ClawHub.
Skill page: https://clawhub.ai/fengzie/mobazha-store-mcp-connect
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI


openclaw skills install mobazha-store-mcp-connect

ClawHub CLI


npx clawhub@latest install mobazha-store-mcp-connect
Security Scan
Capability signals
Crypto · Can make purchases · Requires OAuth token · Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name and instructions align: connecting an AI agent to a Mobazha store legitimately requires an API token and sometimes SSH/tunneling. The listed MCP tools (products, orders, chat, etc.) match that purpose.
Instruction Scope
SKILL.md explicitly instructs the agent/user to obtain/store an API token, add credentials to agent config files (e.g., ~/.claude.json, .cursor/mcp.json, opencode.json), and optionally use SSH tunnels. Those actions are within scope for a store-connection skill, but the instructions also include curl commands that post admin passwords to obtain tokens—users should be warned to run those commands only on trusted machines and to avoid embedding secrets in source-controlled files.
Install Mechanism
This is an instruction-only skill with no install spec (low installation risk). However, SKILL.md references a stdio binary (mobazha-mcp) bundled in the standalone Docker image with no install instructions or provenance provided — worth noting because if a user seeks that binary they will pull code/binaries outside the skill metadata.
Credentials
SKILL.md declares 'requires_credentials: true' and specifies an API Bearer token and optional SSH credentials, and it suggests env vars like MOBAZHA_TOKEN / MOBAZHA_GATEWAY_URL. But the registry metadata lists no required env vars or primary credential. This inconsistency is significant: the skill will require sensitive tokens, yet the published metadata did not declare them. Users need to be explicitly alerted that tokens will be stored in agent config files or environment variables.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It instructs editing user-level agent config files (expected for this use case) rather than modifying other skills or system-wide settings.
What to consider before installing
This skill appears to do what it says (connect an AI agent to a Mobazha store) but there are important gaps you should consider before installing:

  • Metadata mismatch: the SKILL.md requires an API token and optionally SSH credentials, but the registry entry lists no required credentials. Assume the skill needs a Bearer API token and plan accordingly.
  • Minimize scope: create the least-privilege API token possible (read-only or scoped to only the actions the agent needs) before connecting. Test with a read-only token first.
  • Secret handling: follow the skill's own advice—store tokens in environment variables or a secrets manager, not in source-controlled config files. If you must add tokens to agent config files, ensure those files are excluded from VCS and have appropriate filesystem permissions.
  • Admin/password use: only run token-generation curl commands on machines you control; avoid pasting admin passwords into third-party UIs or untrusted agents.
  • Verify endpoints and provenance: confirm the SSE URL you configure actually belongs to your store (and not a typo or malicious domain). Because the skill has no homepage and unknown source, prefer manual verification and avoid downloading binaries unless from an official Mobazha release (e.g., official Docker image or GitHub release).
  • If you permit SSH tunneling, ensure the SSH key/credentials are tightly controlled and that you understand the tunnel's implications.

If you want, provide the registry/package metadata or a link to an official Mobazha documentation page; with that I can re-evaluate and raise or lower the concern level.

Like a lobster shell, security has layers — review code before you run it.

latest: vk97fzm9v1hf4kg1pyrgxka8xkn85b51j
120 downloads
0 stars
2 versions
Updated 6d ago
v0.2.0
MIT-0

Connect AI Agent to Your Store (MCP)

Connect your AI coding agent to your Mobazha store via MCP (Model Context Protocol). Once connected, your agent can directly manage products, orders, messages, and more.

This skill requires credentials. The agent needs an API token from your store to connect. The agent must ask for your explicit consent before initiating any connection to your store. Tokens should be stored in environment variables, never committed to source control.

What You Get

After connecting, your AI agent has access to 30+ store management tools:

| Category | Tools | What They Do |
|---|---|---|
| Products | listings_create, listings_update, listings_delete, listings_list_mine, listings_import_json | Full product CRUD + bulk import |
| Orders | orders_get_sales, orders_confirm, orders_fulfill, orders_refund | Order lifecycle |
| Chat | chat_get_conversations, chat_send_message | Buyer communication |
| Discounts | discounts_create, discounts_update, discounts_delete | Promotions |
| Collections | collections_create, collections_add_products | Product organization |
| Profile | profile_get, profile_update | Store identity |
| Notifications | notifications_list, notifications_mark_read | Activity feed |
| Search | search_listings, search_profiles | Marketplace discovery |
| Finance | exchange_rates_get, wallet_get_receiving_accounts, fiat_get_providers | Payments and rates |

Connection Method: SSE (Recommended)

All Mobazha deployments include a built-in MCP SSE endpoint. This is the recommended method because:

  • No additional binary to install or maintain
  • Tools are always up-to-date with your store version
  • Works with Claude Code, Cursor, Codex, and all modern AI agents

SSE Endpoint

| Deployment | SSE URL |
|---|---|
| SaaS | https://app.mobazha.org/platform/v1/mcp/sse |
| Standalone (custom domain) | https://shop.example.com/platform/v1/mcp/sse |
| Standalone (local Docker) | http://localhost/platform/v1/mcp/sse |
| Native install (local) | http://localhost:5102/platform/v1/mcp/sse |
| Native install (VPS) | http://<vps-ip>:5102/platform/v1/mcp/sse |

Step 1: Get Your API Token

SaaS Store

  1. Log in to your store at app.mobazha.org
  2. Go to Settings > API
  3. Click Generate Token
  4. Copy the token

Standalone Store (Docker with domain)

Open your store's admin panel in a browser and generate a token via Settings > API, or via curl:

curl -X POST https://shop.example.com/platform/v1/auth/tokens \
  -H "Content-Type: application/json" \
  -d '{"username": "admin", "password": "<your-admin-password>"}'

Native Install (local or VPS)

The default gateway port for native installs is 5102:

curl -X POST http://localhost:5102/platform/v1/auth/tokens \
  -H "Content-Type: application/json" \
  -d '{"username": "admin", "password": "<your-admin-password>"}'

For a VPS, replace localhost with your server's IP or use an SSH tunnel:

ssh -L 5102:localhost:5102 root@<vps-ip>
# Then use http://localhost:5102 from your local machine

Step 2: Configure Your AI Agent

Claude Code

Add to ~/.claude.json (or project-level .mcp.json):

{
  "mcpServers": {
    "mobazha-store": {
      "type": "sse",
      "url": "https://shop.example.com/platform/v1/mcp/sse",
      "headers": {
        "Authorization": "Bearer <your-token>"
      }
    }
  }
}

Cursor

Add to .cursor/mcp.json in your project:

{
  "mcpServers": {
    "mobazha-store": {
      "url": "https://shop.example.com/platform/v1/mcp/sse",
      "headers": {
        "Authorization": "Bearer <your-token>"
      }
    }
  }
}

Or go to Settings > MCP Servers > Add Server and enter the SSE URL.

Codex CLI

codex mcp add mobazha-store --transport sse \
  --url "https://shop.example.com/platform/v1/mcp/sse" \
  --header "Authorization: Bearer <your-token>"

OpenCode

Add to opencode.json:

{
  "mcp": {
    "mobazha-store": {
      "type": "sse",
      "url": "https://shop.example.com/platform/v1/mcp/sse",
      "headers": {
        "Authorization": "Bearer <your-token>"
      }
    }
  }
}

Replace https://shop.example.com with your actual store URL from the table above.


Step 3: Verify the Connection

Ask your AI agent:

"List my store's products" or "Show my recent orders"

The agent should call listings_list_mine or orders_get_sales and return results. If it works, the connection is live.

For a guide on what you can do with MCP tools, see the store-management skill.


Advanced: stdio Transport

For environments where SSE is not supported by the AI agent, or for air-gapped setups, a mobazha-mcp stdio binary is available. It ships with the standalone Docker image and native install.

When to Use stdio

  • Your AI agent doesn't support SSE MCP transport
  • Air-gapped or restricted network environment
  • Development/debugging of the MCP layer itself

Using stdio from Standalone Docker

The binary is bundled in the container:

docker exec -it <container> mobazha-mcp --gateway-url http://localhost:5102 --token <token>

stdio CLI Reference

| Flag | Env Variable | Default | Description |
|---|---|---|---|
| --gateway-url | MOBAZHA_GATEWAY_URL | http://localhost:5102 | Store gateway URL |
| --token | MOBAZHA_TOKEN | (required) | Bearer token |
| --search-url | MOBAZHA_SEARCH_URL | (optional) | Marketplace search API URL |

stdio Agent Configuration

{
  "mcpServers": {
    "mobazha-store": {
      "command": "mobazha-mcp",
      "args": ["--gateway-url", "http://localhost:5102"],
      "env": {
        "MOBAZHA_TOKEN": "<your-token>"
      }
    }
  }
}

Troubleshooting

"connection refused" or timeout

  • Native install: verify the store is running with curl http://localhost:5102/healthz
  • Standalone Docker: the SSE endpoint is on port 80/443 (not 5102); try curl http://localhost/healthz
  • For remote stores, check that the domain resolves and HTTPS is configured

"401 Unauthorized"

  • Verify the token: curl -H "Authorization: Bearer <token>" http://localhost:5102/v1/profiles
  • Token may have expired — generate a new one
  • Ensure the token has the required scopes for the tools you want to use

"tool not found"

  • search_listings and search_profiles require the marketplace search service
  • Some tools require specific scopes on the API token (e.g., listings:write for listings_create)

Credential Safety

  • Never hardcode tokens in source code or config files committed to git
  • Store the token in environment variables or a secrets manager
  • Add MCP config files to .gitignore if they contain tokens
  • Tokens can be revoked and regenerated at any time from the store admin panel
  • The agent must never log, display, or transmit tokens to any party other than the target store endpoint
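
An added example, not part of the skill or the ClawHub page: a Python audit of the agent config shapes shown in Step 2 and the stdio section, checked against the Credential Safety rules above. Treating `${VAR}` references and `<placeholder>` text as non-secrets, the function names, and the sample host and token are assumptions constructed for illustration; confirm in your agent's documentation whether it expands `${VAR}` in its config.

```python
import json, os, re, stat, tempfile
from urllib.parse import urlparse

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
# Assumption: "${VAR}" references and "<placeholder>" text are not secrets.
NOT_LITERAL = re.compile(r"^(\$\{?\w+\}?|<[^>]*>)$")

def is_literal_secret(value):
    token = re.sub(r"^Bearer\s+", "", value.strip(), flags=re.I)
    return bool(token) and not NOT_LITERAL.match(token)

def audit_config(path):
    """Return findings for one MCP config ("mcpServers", or OpenCode's "mcp")."""
    findings = []
    if os.name == "posix" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        findings.append("file readable by group/others (chmod 600)")
    with open(path, encoding="utf-8") as fh:
        doc = json.load(fh)
    servers = {**doc.get("mcpServers", {}), **doc.get("mcp", {})}
    for name, cfg in servers.items():
        if is_literal_secret(cfg.get("headers", {}).get("Authorization", "")):
            findings.append(f"{name}: literal Bearer token in headers")
        for var, val in cfg.get("env", {}).items():
            if "TOKEN" in var.upper() and is_literal_secret(val):
                findings.append(f"{name}: literal value for env {var}")
        if "--token" in cfg.get("args", []):
            findings.append(f"{name}: token passed as a command-line argument")
        url = urlparse(cfg.get("url", ""))
        if url.scheme == "http" and url.hostname not in LOOPBACK:
            findings.append(f"{name}: plain HTTP to {url.hostname} exposes the token")
    return findings

SAMPLE = {"mcpServers": {  # constructed sample: not a real store, host or token
    "mobazha-store": {
        "url": "http://203.0.113.10:5102/platform/v1/mcp/sse",
        "headers": {"Authorization": "Bearer tok_constructed_123"}},
    "mobazha-env": {
        "url": "https://shop.example.com/platform/v1/mcp/sse",
        "headers": {"Authorization": "Bearer ${MOBAZHA_TOKEN}"}},
}}

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "mcp.json")
        with open(path, "w", encoding="utf-8") as fh:
            json.dump(SAMPLE, fh)
        os.chmod(path, 0o644)  # simulate a config left world-readable
        return audit_config(path)

if __name__ == "__main__": print("\n".join(demo()))
```

Run `audit_config` against each file you edited in Step 2 (for example ~/.claude.json or .cursor/mcp.json) before committing or sharing the project directory.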
