ClawHub

UXC Context7

v1.0.0

Query up-to-date library documentation and code examples using Context7 MCP. Use when you need current, version-specific documentation for npm packages, Pyth...

0· 287·1 current·1 all-time
by@jolestar·fork of @thesethrose/context7 (1.0.3)
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, declared prerequisites (uxc skill + network access to mcp.context7.com), and the commands shown (context7-mcp-cli resolve-library-id / query-docs or uxc fallback) are coherent and proportional to the stated goal.
Instruction Scope
SKILL.md only instructs creating or using a fixed link command and calling the MCP endpoints to resolve library IDs and query docs. It does not ask the agent to read arbitrary system files, secrets, or send data to third-party endpoints other than mcp.context7.com.
Install Mechanism
No install spec — instruction-only skill — so nothing is downloaded or written by the skill itself. The only installation-related action is a documented use of the existing 'uxc link' command (uxc must be present).
Credentials
The skill requests no environment variables or credentials. The repository includes a validate.sh that requires 'rg' (ripgrep) for repository validation, but that is a development-time check and not a runtime credential requirement.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges or modify other skills' configurations. Normal autonomous invocation is allowed (disable-model-invocation: false) which is expected for skills.
Assessment
This skill appears internally consistent, but before installing consider: (1) queries are sent to https://mcp.context7.com/mcp — avoid sending proprietary secrets or license-restricted code unless you trust that service and your privacy policy; (2) the skill depends on the 'uxc' tool/link behavior — verify what 'uxc link' does in your environment before running it; (3) validate.sh requires 'rg' only for repo validation (not runtime). Also remember the agent can invoke the CLI autonomously, so review and restrict network access or agent permissions if you need tighter control.

Like a lobster shell, security has layers — review code before you run it.

latestvk975whcxp59fmmgjxrjybk8fth82791s

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments