← Back to Skills Marketplace

Mcp Skill Hardened

Name: Mcp Skill Hardened
Author: snazar-faberlens

by Faberlens · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ✓ Security Clean

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install mcp-skill-hardened

Description

Wraps the Exa MCP server (mcp.exa.ai) for web search, deep research, and related tools.

Usage Guidance

This skill appears coherent and low-risk as delivered (instruction-only, no installs, no credentials). Before installing: 1) Verify the skill's origin (source/homepage is missing) so you know who authored it. 2) Confirm whether your environment needs to supply Exa MCP credentials or network access — the SKILL.md mentions mcp.exa.ai but does not declare credentials. 3) Test it in a restricted/sandboxed agent to observe actual network calls and ensure it doesn't leak sensitive prompts. 4) Observe the guardrails in SKILL.md (they're sensible) and require per-request consent for any long-running 'deep_researcher_start' operations. If you need higher assurance about provenance, request a published source or upstream repository before deployment.

Capability Analysis

Type: OpenClaw Skill Name: mcp-skill-hardened Version: 1.0.0 The skill bundle is a security-hardened wrapper for the Exa MCP search service. It includes explicit defensive instructions in SKILL.md and SAFETY.md designed to prevent SSRF, bulk resource exhaustion, and corporate espionage. No malicious logic, data exfiltration, or harmful prompt injections were found; the content is focused on enforcing safety guardrails for the AI agent.

Capability Assessment

✓ Purpose & Capability

The name and description claim to wrap Exa's MCP for web search and research; the SKILL.md enumerates matching tools (web_search_exa, deep_search_exa, crawling_exa, company_research_exa, etc.). There are no unrelated required binaries, environment variables, or config paths requested, so the required surface matches the stated purpose. (The source/homepage are missing, which reduces provenance but does not create an internal inconsistency.)

✓ Instruction Scope

SKILL.md is instruction-only and directs the agent to use the listed MCP tools. It includes explicit security guardrails (SSRF handling, bulk-enumeration limits, refusal for corporate espionage, per-request consent for deep research). It does not instruct the agent to read arbitrary local files, system credentials, or to exfiltrate data to unexpected endpoints.

✓ Install Mechanism

There is no install spec and no code files to write to disk; this is the lowest-risk pattern (instruction-only). No downloads, package installs, or custom binaries are specified.

✓ Credentials

The skill declares no required environment variables, credentials, or config paths, which is proportional to an instruction-only wrapper. One caveat: the SKILL.md references an external endpoint (https://mcp.exa.ai/mcp); any real integration may require API credentials or network access that are not declared here — the lack of declared credentials is consistent with an instruction-only skill but means you should verify any runtime wiring before enabling it in a production agent.

✓ Persistence & Privilege

The skill does not request always:true and does not declare system-wide configuration changes. It is user-invocable and allows normal autonomous invocation (platform default) but does not demand elevated persistent privileges.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install mcp-skill-hardened
After installation, invoke the skill by name or use /mcp-skill-hardened
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release of mcp-skill-hardened, wrapping Exa MCP for research and search tools. - Provides an interface to MCP at mcp.exa.ai for web search, deep research, and related capabilities. - Includes tools: web_search_exa, web_search_advanced_exa, get_code_context_exa, deep_search_exa, crawling_exa, company_research_exa, linkedin_search_exa, deep_researcher_start, deep_researcher_check. - Applies four security guardrails, including client-side URL validation, batching limits, anti-espionage controls, and user consent requirements for deep research. - Outlines which tools require explicit user confirmation and which do not.

Metadata

Slug mcp-skill-hardened

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Mcp Skill Hardened?

Wraps the Exa MCP server (mcp.exa.ai) for web search, deep research, and related tools. It is an AI Agent Skill for Claude Code / OpenClaw, with 47 downloads so far.

How do I install Mcp Skill Hardened?

Run "/install mcp-skill-hardened" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Mcp Skill Hardened free?

Yes, Mcp Skill Hardened is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Mcp Skill Hardened support?

Mcp Skill Hardened is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Mcp Skill Hardened?

It is built and maintained by Faberlens (@snazar-faberlens); the current version is v1.0.0.

More Skills