MCP Integration

v0.1.1

Use Model Context Protocol servers to access external tools and data sources. Enable AI agents to discover and execute tools from configured MCP servers (legal databases, APIs, database connectors, weather services, etc.).

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description, SKILL.md, README, config schema and code (http-transport.js, index.js) all implement an MCP HTTP/SSE transport, discovery (list) and invocation (call) of remote tools. The ability to call database, weather, legal services, etc. is coherent with the stated purpose. The config also supports a stdio transport (command, args, env) which is powerful but explainable (some MCP servers are local binaries).
Instruction Scope
Runtime instructions are narrowly focused: list available tools, inspect tool inputSchema, validate and construct calls, parse responses, chain calls, and handle errors. The SKILL.md and docs reference only OpenClaw config files (~/.openclaw/openclaw.json) and environment variables that are expected for configuring MCP servers. There are no instructions to read unrelated host files or exfiltrate data.
Install Mechanism
There is no registry install spec (instruction-only at registry level), which reduces automatic install risk. However, the bundle includes Node.js code and a README with manual install steps (git clone + npm install). That means if you follow the README and install the plugin, it will write files and execute Node.js code under your OpenClaw instance. The code appears to only implement transport/management (no obfuscated downloads), but installing still grants it the runtime ability to make network requests and spawn processes (via stdio transport) if configured.
Credentials
The registry declares no required env vars, which is consistent. Documentation explains using environment variables (or an envFile) to provide API keys to specific MCP servers and allows per-server env settings for stdio transport. This is reasonable for integrating third‑party services, but it means secrets placed in OpenClaw config or passed into spawned MCP processes could be exposed to the remote servers — configure with care and avoid committing secrets in repo/config files.
Persistence & Privilege
The skill is not forced always-on (always:false) and uses the normal autonomous-invocation defaults. It does not request modification of other plugins or system-wide settings. Its persistence model (registered mcp tool, configured in openclaw.json) is typical for an OpenClaw plugin.
Assessment
This plugin appears to do what it says: expose MCP servers' tools to agents. Before installing or enabling it, consider the following:

- Only configure servers you trust. The plugin will forward requests and responses to whatever URL/command you provide; a malicious or compromised MCP server can return harmful data or attempt to trick the agent.
- Avoid placing secrets directly in repository files. Use environment variables stored securely (not committed to git) and prefer per-server env entries that you control. Remember the plugin can pass env values into spawned stdio processes.
- Prefer HTTPS and restricted network scope for production servers. For initial testing, keep servers on localhost or an isolated network.
- If you enable stdio transport (command to spawn a local MCP server), only use trusted binaries: that option lets the plugin spawn local processes with given env and args.
- Limit agent access to the mcp tool via agent allowlist/denylist in OpenClaw if you want to restrict autonomous use.
- When installing, run npm install and the plugin in a controlled environment (container or VM) first and review index.js and http-transport.js yourself; check OpenClaw logs after startup to see which servers and tools were registered.

If you want additional assurance, provide the plugin's source to an internal reviewer or run it in an isolated instance and verify behavior before enabling on production agents.

Like a lobster shell, security has layers — review code before you run it.
