Mcp Builder
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent MCP development guide with expected, user-directed testing and MCP connection helpers, and no artifact evidence of hidden credential use, persistence, exfiltration, or destructive behavior.
This skill appears safe to use as an MCP development guide. Before using its helper scripts or examples, review any command the agent proposes to run, connect only to trusted MCP servers, and avoid providing broad credentials or auth headers unless they are necessary and scoped.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the suggested command can execute code in the user's development environment.
The guide recommends a user-directed command that can execute the MCP Inspector package. This is expected for MCP development testing, but it is still local package execution.
Test with MCP Inspector: `npx @modelcontextprotocol/inspector`
Run these commands only in a trusted project environment and consider pinning package versions when reproducibility matters.
If pointed at an untrusted or destructive MCP server, tool calls could affect external data or local state.
The helper can start a user-selected stdio MCP server command and call arbitrary MCP tool names on the connected server. This is central to MCP testing, but the chosen server/tools determine the real-world effect.
`return stdio_client(StdioServerParameters(command=self.command, args=self.args, env=self.env))` ... `result = await self.session.call_tool(tool_name, arguments=arguments)`
Connect only to MCP servers you trust, review the command being launched, and keep evaluation calls read-only unless the user explicitly approves mutations.
Credentials or request metadata in headers could be sent to whatever MCP endpoint the user selects.
The helper supports remote MCP connections with caller-supplied URLs and headers. This is expected for MCP clients, but headers may contain sensitive authorization data.
`return sse_client(url=self.url, headers=self.headers)` ... `return streamablehttp_client(url=self.url, headers=self.headers)`
Use trusted HTTPS endpoints, avoid sending auth headers to unfamiliar servers, and prefer least-privilege tokens.
Generated MCP server code or design choices may vary if the external documentation changes.
The skill relies on live, mutable remote documentation from a main branch. This is reasonable for a current development guide, but the referenced content can change over time.
Use WebFetch to load `https://raw.githubusercontent.com/modelcontextprotocol/typescript-sdk/main/README.md`
Use official documentation, verify version compatibility, and pin SDK/package versions in the actual MCP project.
