ClawHub
Back to skill
v1.0.0

mcp-builder

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 4:56 AM.

Analysis

This is an instruction-only MCP server building guide with no executable code, install step, or required credentials; the only notable points are its use of external documentation fetches and references to local guide files not included in the manifest.

GuidanceThis skill appears reasonable to install as a development guide. Expect it to fetch external MCP, SDK, and API documentation during use, and review any MCP server code it helps create—especially tools that can modify third-party services—before running or deploying it.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
SKILL.md
Use WebFetch to load: `https://modelcontextprotocol.io/llms-full.txt`

The guide relies on live external documentation and also asks for SDK README files from GitHub. This is expected for an MCP-building guide, but external content becomes part of the implementation context.

User impactThe agent may browse and rely on current external documentation when helping build an MCP server.
RecommendationUse trusted official documentation sources and review any generated MCP server code before running or publishing it.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
SKILL.md
[📋 View Best Practices](./reference/mcp_best_practices.md) ... [🐍 Python Implementation Guide](./reference/python_mcp_server.md) ... [⚡ TypeScript Implementation Guide](./reference/node_mcp_server.md)

SKILL.md references local reference files, while the provided file manifest lists only SKILL.md. This indicates missing supporting documentation in the reviewed artifact set.

User impactSome referenced guidance may be unavailable when the skill is used, which could reduce completeness or cause the agent to rely more heavily on external sources.
RecommendationConfirm whether the referenced files are intentionally omitted, or provide them if they are needed for reliable MCP server development guidance.