← Back to Skills Marketplace

MCP Best Practices

Name: MCP Best Practices
Author: tenequm

by Misha Kolesnik · GitHub ↗ · v0.3.0 · MIT-0

cross-platform ✓ Security Clean

212

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install mcp-best-practices

Description

Build production MCP servers with the TypeScript SDK. Covers spec 2025-11-25, SDK v1.29+/v2 alpha, transport selection, tool design, error handling, security...

Usage Guidance

This skill is a documentation bundle (best-practices and code examples) and appears internally consistent. Before using its examples in production: 1) verify you install the referenced SDK versions (note the minimum SDK requirement for CVEs) from trusted registries; 2) review any commands (e.g., cloudflared, npm) before running them locally and avoid running unfamiliar scripts as root; 3) when using stdio or spawning processes, apply the documented command-injection mitigations and sandboxing; 4) confirm OAuth and token handling patterns match your security posture (the guide highlights several dangerous patterns to avoid); and 5) consider the fact the skill's source/homepage is unknown—prefer code and packages from recognized maintainers and run dependency scans/supply-chain checks before deploying.

Capability Analysis

Type: OpenClaw Skill Name: mcp-best-practices Version: 0.3.0 The skill bundle is a comprehensive technical reference and best-practices guide for developers building Model Context Protocol (MCP) servers. It contains detailed documentation on SDK usage, security mitigations (including references to CVE-2026-25536 and CVE-2026-0621), and architectural patterns. There is no evidence of malicious intent, data exfiltration, or harmful instructions; rather, the content explicitly focuses on helping developers build secure and performant MCP implementations.

Capability Tags

cryptocan-make-purchasesrequires-oauth-tokenrequires-sensitive-credentials

Capability Assessment

✓ Purpose & Capability

The skill is documentation for MCP server best practices and references the TypeScript SDK and related packages. It requests no environment variables, binaries, or install steps, which is proportionate for a documentation-only skill.

ℹ Instruction Scope

SKILL.md and reference files contain detailed code examples, deployment patterns, and operational guidance (including examples that read files, spawn servers, and use tools like cloudflared). Those examples are appropriate for a developer-facing best-practices guide, but they include instructions that, if copied verbatim, could start network services or expose local servers. The skill's instructions do not direct the agent to read unrelated host files or secrets or to exfiltrate data.

✓ Install Mechanism

There is no install spec and no code to install; the skill is instruction-only. The documentation refers to npm packages and commands (as examples), but it does not itself pull or execute code.

✓ Credentials

The skill declares no required environment variables, credentials, or config paths. Example code shows use of filesystem APIs and network calls appropriate to server examples; nothing in the metadata demands access to unrelated secrets or services.

✓ Persistence & Privilege

Flags show always:false and normal user-invocable/autonomous invocation settings. The skill does not request persistent system presence or attempt to modify other skills or agent-wide settings.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install mcp-best-practices
After installation, invoke the skill by name or use /mcp-best-practices
Provide required inputs per the skill's parameter spec and get structured output

Version History

v0.3.0

Updated mcp-best-practices from 0.2.1 to 0.3.0. Changes: - added `CHANGELOG.md` - modified `SKILL.md` - modified `references/error-handling.md` - modified `references/extensions-registry.md` - modified `references/mcp-apps.md` - modified `references/security-auth.md` - modified `references/tool-schema-guide.md` - modified `references/v2-migration.md`

v0.2.1

Updated mcp-best-practices from 0.2.0 to 0.2.1. Changes: - modified `SKILL.md` - modified `references/security-auth.md` - modified `references/v2-migration.md`

v0.2.0

Updated mcp-best-practices from 0.1.0 to 0.2.0. Changes: - modified `SKILL.md` - added `references/extensions-registry.md` - added `references/mcp-apps.md` - added `references/security-auth.md`

v0.1.0

Initial publish of mcp-best-practices

Metadata

Slug mcp-best-practices

Version 0.3.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 4

Frequently Asked Questions

What is MCP Best Practices?

Build production MCP servers with the TypeScript SDK. Covers spec 2025-11-25, SDK v1.29+/v2 alpha, transport selection, tool design, error handling, security... It is an AI Agent Skill for Claude Code / OpenClaw, with 212 downloads so far.

How do I install MCP Best Practices?

Run "/install mcp-best-practices" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is MCP Best Practices free?

Yes, MCP Best Practices is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does MCP Best Practices support?

MCP Best Practices is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created MCP Best Practices?

It is built and maintained by Misha Kolesnik (@tenequm); the current version is v0.3.0.

More Skills