Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mcp Server Builder

v1.0.0

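MCP (Model Context Protocol) server development assistant. Build MCP servers, tools, and prompt templates from scratch. Trigger words: mcp, 服务器 (server), 协议 (protocol), 工具构建 (tool building).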

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to scaffold an MCP server and the SKILL.md provides complete server, tool, and resource examples (tools for web search, file operations, DB queries). That is broadly coherent with the stated purpose. However the skill does not declare the practical prerequisites it expects (Node/npm, network access to npm registry, npx), which are required to follow the instructions.
Instruction Scope
The instructions include an explicit file_operations tool that reads, writes, lists, and deletes arbitrary filesystem paths and a database_query tool that accepts arbitrary SQL. Those capabilities are powerful and can be used to exfiltrate local files or modify system data. While plausible for a server-builder example, the guide offers no sandboxing guidance and the code examples perform sensitive I/O without restrictions.
Install Mechanism
This is instruction-only (no install spec), so nothing is written by the skill package itself — low static install risk. But the SKILL.md instructs users to run npm install and npx, which will fetch packages from public registries (network-dependent). The skill did not declare that npm/node must be present.
Credentials
requires.env is empty, yet the examples reference process.env (e.g., DATABASE_URL in a commented example). The examples implicitly require network access and potentially database credentials to be useful. The skill asks for access patterns (filesystem, DB queries) that normally require credentials or explicit declarations but none are enumerated.
Persistence & Privilege
The skill is not always-enabled and has no install hooks or code that modifies other skills or system configuration. It does not request persistent inclusion or special agent privileges.
Scan Findings in Context
[NO_CODE_FILES] expected: The static scanner had nothing to analyze because this is an instruction-only skill (SKILL.md includes code examples but no runnable files). This is expected but means the runtime behavior depends on code you or the agent will create and run.
What to consider before installing
This skill appears to be a legitimate MCP server tutorial, but before running anything:
1) Assume the examples will execute arbitrary filesystem and DB operations — review and restrict the file_operations and database_query handlers before running.
2) The guide expects Node/npm/npx and network access to fetch packages; run in a disposable VM, container, or sandbox, not on a sensitive host.
3) If you need DB access, create a least-privilege test database and set credentials explicitly (and add required env vars to the skill metadata if you publish).
4) Audit any npm packages installed (e.g., @modelcontextprotocol/sdk) and inspect any generated code for hardcoded endpoints or secrets.
5) If you don't need file or DB tooling, remove or stub those examples.
If you want a lower-risk evaluation, provide the actual runnable code (not just examples) and list expected env vars/binaries so I can reassess.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fwed36j0s92fqmkkgvfcjr984nkh0
