📦 Mcp Integration — MCP模型接入

Name: Mcp Integration — MCP模型接入
Rating: 17

v0.1.1

通过 Model Context Protocol 服务器，让 AI 智能体一键发现并调用外部工具与数据源（法律库、API、数据库、天气等），实现跨服务无缝扩展。

17· 7.2k·53 当前·55 累计

by @lunarpulse

AI模型访问 API工具智能体自动化云服务

下载技能包

最后更新

2026/3/11

安全扫描

VirusTotal

无害

查看报告

OpenClaw

安全

high confidence

NULL

评估建议

This plugin appears to do what it says: expose MCP servers' tools to agents. Before installing or enabling it, consider the following: - Only configure servers you trust. The plugin will forward requests and responses to whatever URL/command you provide — a malicious or compromised MCP server can return harmful data or attempt to trick the agent. - Avoid placing secrets directly in repository files. Use environment variables stored securely (not committed to git) and prefer per-server env entri...

详细分析 ▾

✓ 用途与能力

Name/description, SKILL.md, README, config schema and code (http-transport.js, index.js) all implement an MCP HTTP/SSE transport, discovery (list) and invocation (call) of remote tools. The ability to call database, weather, legal services, etc. is coherent with the stated purpose. The config also supports a stdio transport (command, args, env) which is powerful but explainable (some MCP servers are local binaries).

✓ 指令范围

Runtime instructions are narrowly focused: list available tools, inspect tool inputSchema, validate and construct calls, parse responses, chain calls, and handle errors. The SKILL.md and docs reference only OpenClaw config files (~/.openclaw/openclaw.json) and environment variables that are expected for configuring MCP servers. There are no instructions to read unrelated host files or exfiltrate data.

ℹ 安装机制

There is no registry install spec (instruction-only at registry level), which reduces automatic install risk. However the bundle includes Node.js code and README with manual install steps (git clone + npm install). That means if you follow the README and install the plugin it will write files and execute Node.js code under your OpenClaw instance. The code appears to only implement transport/management (no obfuscated downloads), but installing still grants it runtime ability to make network requests and spawn processes (via stdio transport) if configured.

ℹ 凭证需求

The registry declares no required env vars, which is consistent. Documentation explains using environment variables (or an envFile) to provide API keys to specific MCP servers and allows per-server env settings for stdio transport. This is reasonable for integrating third‑party services, but it means secrets placed in OpenClaw config or passed into spawned MCP processes could be exposed to the remote servers — configure with care and avoid committing secrets in repo/config files.

✓ 持久化与权限

The skill is not forced always-on (always:false) and uses the normal autonomous-invocation defaults. It does not request modification of other plugins or system-wide settings. Its persistence model (registered mcp tool, configured in openclaw.json) is typical for an OpenClaw plugin.

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv0.1.12026/2/2

NULL

● 无害

安装命令

点击复制

官方npx clawhub@latest install openclaw-mcp-plugin

镜像加速npx clawhub@latest install openclaw-mcp-plugin --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库