Millimetric MCP Setup

Audited by ClawScan on May 17, 2026.

Overview

This is a coherent setup guide for Millimetric MCP, but installing it means giving an AI agent a Millimetric key that can read analytics and, with broader keys, write events or access multiple projects.

This skill appears benign for its stated purpose. Before using it, choose the narrowest Millimetric key that works, store the key securely in your MCP client configuration, and remember that any connected agent may read analytics data and may write events if you give it a write-capable key.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If you provide a broad key, the connected agent may be able to read analytics across projects or emit analytics events.

Why it was flagged

The skill explicitly relies on Millimetric credentials whose scope can include write access or all projects on an account.

Skill content

`ak_live_…` | All projects on the account ... `sk_live_…` | the read tools above plus `track_event`

Recommendation

Use the least-privileged key possible, preferably `rk_*` for read-only access, and avoid `sk_*` or `ak_*` unless that broader access is required.

What this means

An agent with a write-capable key could add analytics events, which may affect reports or metrics.

Why it was flagged

The MCP toolset can include a write-capable event-ingestion tool when a secret key is supplied.

Skill content

`track_event` | ingest (`sk_*`) | Emit a single event.

Recommendation

Only grant `sk_*` access when event emission is intended, and review agent actions that write analytics data.

What this means

Your agent will communicate with Millimetric’s MCP service and can retrieve analytics data allowed by the supplied key.

Why it was flagged

The setup connects an MCP client to an external Millimetric endpoint using a bearer token.

Skill content

`url`: `https://api.millimetric.ai/mcp` ... `headers`: { `Authorization`: `Bearer rk_live_…` }

Recommendation

Verify the endpoint is the intended Millimetric service, keep bearer tokens out of shared files, and rotate keys if exposed.