首页 / 技能 / mcp-bridge — 技能工具

📦 mcp-bridge — 技能工具

v1.0.1

Use mcp-bridge-openclaw CLI to connect to and manage Model Context Protocol (MCP) servers with auto-reconnection and retry logic. Install via npm install -g...

0· 481·6 当前·6 累计
jaggu1999 头像by @jaggu1999·MIT-0
生产力工具
下载技能包
License
MIT-0
最后更新
2026/3/10
0
安全扫描
VirusTotal
无害
查看报告
OpenClaw
安全
medium confidence
The skill's instructions and requirements are internally consistent with a CLI that connects to MCP servers, but it relies on fetching and running third‑party npm packages at install/runtime so there is moderate supply‑chain risk to review before use.
评估建议
This skill appears to do what it says, but it executes and downloads code from npm (both during global install and via npx when launching server implementations). Before installing: 1) inspect the npm package and its GitHub repository (publisher, recent commits, issues). 2) Avoid global install if possible; consider installing in an isolated environment/container. 3) Pin versions and review package.json/maintainers. 4) Limit and scope any tokens (e.g., GITHUB_TOKEN) used by server implementation...
详细分析 ▾
用途与能力
Name, description, and runtime instructions all describe a CLI/SDK for connecting to MCP servers. The npm package + config-based server definitions (including running server implementations via npx) are coherent with the stated purpose.
指令范围
SKILL.md instructs installing the npm package and running the CLI with a config.json. The config lets you specify arbitrary commands/args (e.g., npx calls) and environment variables, which is expected for a bridge but means the skill's runtime can execute arbitrary third‑party code and read the provided config file and any env vars you pass.
安装机制
There is no formal install spec in the skill bundle (it's instruction‑only), but SKILL.md tells users to run npm install -g. Installing a global npm package and using npx to fetch server implementations at runtime is typical here but increases supply‑chain risk because code is fetched from npm/GitHub during install or execution.
凭证需求
The manifest declares no required env vars. SKILL.md recommends using environment variables for tokens (example: GITHUB_TOKEN). That is reasonable, but tokens grant access to external services and should be scoped and protected; the skill does not request unrelated credentials.
持久化与权限
always is false and the skill is user-invocable. The skill does not request elevated platform privileges in the manifest. No indication it modifies other skills or system-wide settings.
安全有层次,运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发,无需署名。

运行时依赖

无特殊依赖

版本

latestv1.0.12026/3/10

- Added homepage and repository links to SKILL.md for improved discoverability. - Noted verified npm publisher (`jaggu37`) in the documentation. - Updated config example to emphasize security best practices using environment variables for tokens. - Simplified configuration and usage examples for clarity. - Minor edits for improved documentation and security guidance.

无害

安装命令

点击复制
官方npx clawhub@latest install mcp-bridge
镜像加速npx clawhub@latest install mcp-bridge --registry https://cn.longxiaskill.com

技能文档

CLI tool for connecting to MCP servers with built-in resilience.

Installation

npm install -g mcp-bridge-openclaw

Verified publisher: npm user jaggu37

Commands

Connect to MCP server

mcp-bridge --config config.json

List available servers

mcp-bridge --config config.json --list

Run with verbose logging

mcp-bridge --verbose --config config.json

Configuration

Create config.json:

{
  "servers": {
    "filesystem": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"],
      "env": {}
    }
  }
}

Security tip: Use environment variables for tokens instead of plaintext in config:

{
  "servers": {
    "github": {
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-github"],
      "env": {
        "GITHUB_TOKEN": "${GITHUB_TOKEN}"
      }
    }
  }
}

Then run: GITHUB_TOKEN=your_token mcp-bridge --config config.json

Programmatic Usage

import { MCPBridge } from 'mcp-bridge-openclaw';
const bridge = new MCPBridge({
  configPath: './config.json',
  onServerConnect: (name) => console.log(Connected to ${name}),
});
await bridge.connect();
await bridge.disconnect();

Key Features

  • Auto-reconnect on disconnect
  • Configurable retry logic
  • Type-safe JSON config
  • CLI + programmatic API
  • Multiple server support
数据来源ClawHub ↗ · 中文优化:龙虾技能库