MCP Workflow
Warn
Audited by ClawScan on May 10, 2026.
Overview
This workflow skill is mostly coherent, but its MCP server can read arbitrary local file paths and persist workflow data without clear limits.
Only run this skill in a trusted workspace. Before starting the MCP server, confirm it cannot read outside the directories you intend to share, and avoid using it with secrets or private files unless file access is restricted.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the MCP server is running, an agent or connected MCP client could load sensitive local files into the workflow or conversation.
The MCP resource interface accepts an arbitrary file path and reads it directly, with no visible workspace restriction, allowlist, sensitive-path block, or user approval gate.
Evidence: uriTemplate: 'file://{path}' ... const filePath = uri.replace('file://', ''); ... const content = fs.readFileSync(filePath, 'utf8');
Recommendation: Restrict file:// access to explicit project/workflow directories, block absolute paths and traversal, exclude sensitive locations, and require user confirmation for out-of-scope reads.
Inputs or intermediate workflow data may remain on disk after a workflow finishes.
Workflow context is written to a persistent local memory file, which is expected for workflow state but may retain sensitive inputs unless users manage or clear it.
Evidence: MEMORY_FILE="${MCP_DIR}/.workflow-memory.json" ... echo "$context" > "$MEMORY_FILE"
Recommendation: Document what is stored, add a clear memory-cleanup command or retention policy, and avoid storing secrets or private file contents in workflow context.
Users may need to install unspecified dependencies before running the server, which adds provenance and reproducibility risk.
The server depends on an external MCP SDK, but the provided artifacts include no package.json, lockfile, install spec, or version pinning for that dependency.
Evidence: const { Server } = require('@modelcontextprotocol/sdk/server/index.js');
Recommendation: Declare required binaries and packages, provide pinned dependency metadata, and document a safe installation path.
