ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

github-mpc

v1.0.1

Verifies and configures required MCP servers (Atlassian and GitHub) to enable Product Guide Writer integrations and guides setup if missing.

0· 1.4k·0 current·0 all-time
byEngineering Manager @ Trading 212@tsvetelin-kulinski
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md focuses on verifying/configuring multiple MCP servers (Atlassian, GitHub, optional Figma/Elasticsearch) which is coherent with an MCP prerequisites skill, but the package name 'github-mpc' and missing top-level description are misleading: the content is multi-service (Atlassian-heavy) rather than only GitHub. No declared metadata (required env/config) matches the sensitive operations the instructions recommend.
!
Instruction Scope
The instructions explicitly tell the agent/user to inspect a user-specific config directory (/Users/{username}/.cursor/projects/{workspace}/mcps/), call CallMcpTool operations, and guide users to create/set credentials (GITHUB_TOKEN, Figma token, Elasticsearch access). Reading per-user config and prompting/using tokens is within the task but is sensitive and not declared in the skill metadata. The SKILL.md also references a specific organization (trading212.atlassian.net), which ties the instructions to a particular workspace and could expose org-specific data if run or automated.
Install Mechanism
There is no install spec (instruction-only), which reduces direct installation risk. However the config examples recommend using npx ("npx -y @modelcontextprotocol/server-github") which will download and execute npm package code at runtime — the skill does not provide or vet that package. That recommended install step is a potential supply-chain risk if followed by the user/agent.
!
Credentials
The SKILL.md asks for sensitive credentials (GitHub PAT with repo & read:org scopes, Figma token, Elasticsearch credentials) but the skill metadata lists no required environment variables or primary credential. The requested credentials are plausible for the stated tasks, but the absence of declared env requirements is an inconsistency and the instructions encourage creating/exporting long-lived tokens and running remote installs without guidance on scoping/minimizing permissions.
Persistence & Privilege
The skill does not request persistent presence (always: false) nor attempt to modify other skills or system-wide settings in the instructions. It only guides user-level configuration changes to MCP server entries.
What to consider before installing
This skill mainly guides MCP configuration and is not obviously malicious, but it does ask you to read local Cursor config directories and to create/use sensitive tokens (GitHub PAT, Figma token, Elasticsearch credentials). Before installing or following its steps: - Confirm the skill's provenance (unknown owner). Prefer official/internal docs or verified packages for your organization. - Do not run recommended npx commands (e.g., "npx -y @modelcontextprotocol/server-github") without auditing the npm package. Consider installing from an approved release or inspecting the package source first. - Use least-privilege tokens: create PATs with minimal scopes, prefer short-lived tokens or org-approved app installations instead of user PATs when possible. - Review the referenced config path (~/.cursor/...) and back up any sensitive files before allowing the agent to inspect them. Consider performing checks on an isolated machine/account if you have sensitive workspace access (e.g., trading212). - If you need automated checks, restrict the agent's actions (do not allow autonomous invocation) until you can validate the skill and its external dependencies. If you want, I can: list specific places in SKILL.md that read local files or ask for tokens, suggest safer alternatives (OAuth app vs PAT), or check the npm package mentioned for known issues.

Like a lobster shell, security has layers — review code before you run it.

latestvk979pyk12v8fa6ezgvwc79hvjx80ggkx

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments