by 安全扫描
OpenClaw
安全
medium confidenceThe skill's code and instructions match its stated purpose (scaffolding MCP servers); nothing requests external credentials or network access, though there are minor metadata inconsistencies and a writable-path option you should use cautiously.
评估建议
This skill appears to do only scaffolding and contract-summary generation and does not request secrets or network access. Before running: 1) prefer dry-run to inspect output without file writes; 2) avoid enabling --allow-outside-workspace unless you trust the payload and want files written outside the current directory; 3) review and validate any input JSON (it is capped at 1MB) and the generated artifact path to avoid overwriting important files; 4) note the metadata mismatches (ownerId/slug/ve...详细分析 ▾
ℹ 用途与能力
The SKILL.md, included Python script, and reference guide all implement scaffolding and contract-check behavior described by the skill. Minor incoherence: registry metadata (slug, ownerId, and version) in the skill bundle differs from values inside _meta.json and the SKILL.md name; this looks like packaging/versioning drift rather than functional mismatch.
✓ 指令范围
Runtime instructions are limited: run scripts/scaffold_mcp_server.py and consult the guide. The script reads a JSON payload (with a 1MB cap), normalizes tool names, optionally writes a small set of starter files, and emits an artifact. It does not invoke network calls, read arbitrary system files, or attempt to exfiltrate data.
✓ 安装机制
Instruction-only skill with no install spec and no external downloads. The only code executed is the included Python script; no dependencies are required beyond a Python runtime.
✓ 凭证需求
The skill requests no environment variables, credentials, or config paths. The script operates on input/output file paths only, which is proportional to a scaffolding tool.
✓ 持久化与权限
always is false and the skill does not request permanent presence or modify other skills. It may write files into the workspace (or outside it if --allow-outside-workspace is used), which is expected for a scaffolder.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/3/7
- Initial release of agentic-mcp-server-builder. - Enables scaffolding of MCP server projects with tool schema definitions and baseline contract checks. - Generates starter server layouts and summarizes tool contracts from structured lists. - Provides scripts and guides for creating and validating MCP-ready server structures. - Emphasizes explicit tool boundaries and clear input/output schemas.
● 可疑
安装命令 点击复制
官方npx clawhub@latest install agentic-mcp-server-builder-conflict
镜像加速npx clawhub@latest install agentic-mcp-server-builder-conflict --registry https://cn.clawhub-mirror.com
技能文档
Overview
Create a minimal MCP server scaffold and contract summary from a structured tool list.
Workflow
- Define server name 和 tool 列表 带有 descriptions.
- Generate scaffold file 地图 和 tool contract summary.
- Optionally materialize starter files 当...时 不 在...中 dry-run mode.
- Review generated contract checks 之前 adding business logic.
使用 Bundled Resources
- Run
scripts/scaffold_mcp_server.py到 generate starter artifacts. - 读取
references/mcp-scaffold-guide.md对于 file 布局 和 contract checks.
Guardrails
- Keep tool boundaries explicit 和 minimal.
- Include deterministic outputs 和 清除 输入框/输出 schemas.
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制
免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制