MCP Server Discovery
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: mcp-server-discovery
Version: 1.0.0
The skill bundle is designed to discover and configure MCP servers. The `scripts/mcp_discover.py` script lists hardcoded server information and generates client configurations that include `npx` commands. While `npx` can execute remote code, the script itself does not execute these commands; it merely outputs them as part of a configuration. The script does not perform any network requests to external registries despite importing `urlopen`, nor does it attempt to exfiltrate data, access sensitive files, or establish persistence. No prompt injection attempts were found in `SKILL.md` or other documentation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user saves a generated config without reviewing it, their MCP client may gain access to local files, repositories, databases, web automation, or persistent memory depending on the selected servers.
The skill can generate MCP client configurations for servers that may expose high-impact tools, including filesystem, GitHub, and memory access. This is aligned with the stated purpose and user-directed, but users should review what each server will be allowed to do.
python3 scripts/mcp_discover.py config --servers "filesystem,github,memory" ... Save the output to your MCP client's config file
Only enable MCP servers you need, review each server's permissions, and add explicit filesystem paths, credentials, or other limits before using the generated configuration.
A future or tampered package version could affect the MCP server that gets launched by the client.
Generated configurations use npx with unpinned package names. This is expected for an MCP setup helper, but it means the MCP client will fetch or run external npm packages when the config is used.
"command": "npx", "args": ["-y", f"@modelcontextprotocol/server-{server_name}"]
Verify package names against official MCP documentation, consider pinning versions, and install only from trusted sources.
Over-scoped tokens could let an MCP server act broadly on a user's third-party account.
The reference material explains that downstream MCP servers may use account tokens or API keys. The skill itself does not collect or require these credentials, but generated configurations may lead users to add them.
GitHub ... Requires: GITHUB_TOKEN environment variable ... "env": { "API_KEY": "your-key" }
Use least-privilege tokens, avoid pasting broad personal credentials into configs, and rotate credentials if a server is no longer needed.
Information stored by a memory server may be reused later, including sensitive or stale context.
The skill can point users to a persistent memory MCP server. This is disclosed and purpose-aligned, but persistent memory can retain sensitive or incorrect information across sessions.
Memory ... Knowledge graph-based persistent memory ... Store and recall information across sessions
Enable persistent memory only when needed, review what it stores, and clear or restrict retained memory when appropriate.
