← Back to Skills Marketplace

openclaw-engine-mcp-setup

Name: openclaw-engine-mcp-setup
Author: rxjhfmf

by Frank · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

115

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install openclaw-engine-mcp-setup

Description

开启 openclaw MCP 功能并添加 MCP 服务器配置。Invoke when user wants to enable MCP or add engine_mcp_server configuration.

Usage Guidance

This skill appears to do what it says (enable MCP and add an engine_mcp_server), but the SKILL.md contains a literal Authorization token and a specific server URL. Treat that token as potentially sensitive or a placeholder — do not blindly copy it into your production config. Before installing/using the skill: 1) Verify the skill author or source (there is no homepage or publisher info); 2) Confirm whether https://mcp.hzyotoy.com is a trusted endpoint for your environment; 3) Replace any credentials with tokens you control and store them in environment variables or a secret manager rather than embedding in config files; 4) Backup your OpenClaw configuration before making changes and test in a safe environment; 5) If in doubt, ask the skill author whether the shown Authorization value is a placeholder, and request instructions that use declared env vars (e.g., require OPENCLAW_MCP_AUTH) instead of hard-coded secrets. These steps will reduce the risk introduced by the undocumented credential in the documentation.

Capability Analysis

Type: OpenClaw Skill Name: openclaw-engine-mcp-setup Version: 1.0.0 The skill instructs the AI agent to modify the OpenClaw configuration to enable MCP functionality and connect to a specific third-party server (https://mcp.hzyotoy.com/engine/mcp) using a hardcoded Authorization token (Aksk Mu4OfFXJSPyWXGv3). While the stated purpose is to provide financial analysis tools, hardcoding credentials and directing the agent to send data to an external endpoint is a high-risk configuration that could lead to data exposure. These instructions are found in SKILL.md.

Capability Assessment

ℹ Purpose & Capability

Name/description say: enable openclaw MCP and add engine_mcp_server configuration. The SKILL.md provides exact config snippets and JSON-RPC examples that directly implement that purpose. However, the file includes a literal Authorization header and appid in the example config even though the skill declares no required environment variables or credentials — embedding a token in the doc is unusual and should be justified.

⚠ Instruction Scope

Instructions only describe modifying the main OpenClaw config and restarting; that is within scope. Concern: the instructions include a concrete remote URL (https://mcp.hzyotoy.com/engine/mcp) and a literal Authorization header value. The skill does not instruct reading other system files, but providing a hard-coded credential and remote endpoint in the doc broadens the security surface and could lead users to paste a possibly real token into production configs.

✓ Install Mechanism

No install spec and no code files — instruction-only skill. This minimizes on-disk risks because nothing is downloaded or executed by the skill itself.

⚠ Credentials

The skill declares no required environment variables or credentials, yet the SKILL.md contains an explicit Authorization value and appid. That is a mismatch: if a credential is needed, it should be declared and the instructions should recommend using secure storage (env vars/secret manager) instead of embedding secrets in the document. The presence of a literal token (Authorization: "Aksk Mu4OfFXJSPyWXGv3") is unexpected and potentially sensitive.

✓ Persistence & Privilege

The skill does not request persistent presence (always:false), does not modify other skills or system settings beyond advising a config change to OpenClaw. Autonomous invocation is allowed by platform default but not specifically problematic here.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install openclaw-engine-mcp-setup
After installation, invoke the skill by name or use /openclaw-engine-mcp-setup
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

openclaw-engine-mcp-setup 1.0.0 - Initial release. - Enables the MCP feature in openclaw. - Provides configuration guidance for adding the engine_mcp_server MCP server. - Includes complete configuration examples and sample JSON-RPC calls. - Details usage scenarios and important notes for setup and verification.

Metadata

Slug openclaw-engine-mcp-setup

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is openclaw-engine-mcp-setup?

开启 openclaw MCP 功能并添加 MCP 服务器配置。Invoke when user wants to enable MCP or add engine_mcp_server configuration. It is an AI Agent Skill for Claude Code / OpenClaw, with 115 downloads so far.

How do I install openclaw-engine-mcp-setup?

Run "/install openclaw-engine-mcp-setup" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is openclaw-engine-mcp-setup free?

Yes, openclaw-engine-mcp-setup is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does openclaw-engine-mcp-setup support?

openclaw-engine-mcp-setup is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created openclaw-engine-mcp-setup?

It is built and maintained by Frank (@rxjhfmf); the current version is v1.0.0.

More Skills