← Back to Skills Marketplace

MCP协议配置

Name: MCP协议配置
Author: godzff

by godzff · GitHub ↗ · v1.0.0

cross-platform ⚠ suspicious

745

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install mcp-protocol

Description

配置和管理 MCP 服务器，实现 AI 调用外部工具如视觉理解和网络搜索的能力。

Usage Guidance

This skill is inconsistent and requires caution. Before installing or running any commands: 1) Do not run curl ... | sh from unknown domains — it can install arbitrary code. 2) Verify the actual tool names and sources (what is 'mcporter', who publishes 'clawhub', and is 'astral.sh' trustworthy). 3) Treat MINIMAX_API_KEY as sensitive: don't paste production keys into an unverified config file; use least-privilege/test credentials or secrets manager. 4) Inspect the MCP packages (minimax-coding-plan-mcp, uvx, etc.) on their official registries/repos and review their code. 5) Prefer running these steps in an isolated environment (VM/container) or decline until the author/source and package provenance are confirmed. 6) Ask the skill author for a homepage/source repo and a clear explanation for why 'clawhub' is installed but 'mcporter' is used. If you cannot verify origins and contents, avoid running the install commands or providing API keys.

Capability Analysis

Type: OpenClaw Skill Name: mcp-protocol Version: 1.0.0 The skill is classified as suspicious primarily due to the use of `curl -LsSf https://astral.sh/uv/install.sh | sh` in `SKILL.md`. While `uv` is a legitimate tool, this `curl | sh` pattern is a high-risk practice that executes arbitrary code from a remote source, presenting a significant vulnerability for remote code execution if the source were compromised. Additionally, the skill's configuration involves handling API keys and mentions other MCP packages like `filesystem-mcp` and `github-mcp`, which imply broad system access capabilities that, if misused or exploited via prompt injection against the AI agent, could lead to unauthorized operations.

Capability Assessment

⚠ Purpose & Capability

The skill claims to configure/manage MCP servers (plausible), but the instructions require installing 'clawhub' (via npm) while the runtime uses 'mcporter' (npx mcporter) — these names don't match. The SKILL metadata declares no required env vars or config paths, yet the sample config expects MINIMAX_API_KEY, MINIMAX_MCP_BASE_PATH, and MINIMAX_API_HOST. The package/host names and the _meta.json ownerId differ from the registry metadata, and there's no homepage or source URL to verify origins.

⚠ Instruction Scope

Runtime instructions tell the user/agent to create ~/.config/mcporter and store API keys in a JSON file, then run npx mcporter commands that will execute external MCP packages. They also instruct running a remote installer (curl | sh) to install 'uvx'. The instructions reference environment variables and a config path not declared in the skill metadata and give the agent broad discretion to install and execute external binaries, which could perform arbitrary filesystem or network actions.

⚠ Install Mechanism

There is no formal install spec, but the SKILL.md directs installing software: 'npm install -g clawhub' and 'curl -LsSf https://astral.sh/uv/install.sh | sh'. The latter is a remote install script (curl|sh) from an external domain (astral.sh) — a high-risk pattern because it downloads and executes code from an unverified source. The install target ('clawhub') doesn't obviously match the runtime tool ('mcporter'/'mcporter.json'), increasing incoherence.

⚠ Credentials

Metadata lists no required environment variables, but the sample configuration embeds MINIMAX_API_KEY, MINIMAX_MCP_BASE_PATH, and MINIMAX_API_HOST. That means sensitive credentials are expected to be stored in the user's config directory despite not being declared. The skill also suggests MCP packages like filesystem-mcp and github-mcp, which, if used, would legitimately require broader permissions — this is not called out in the metadata.

ℹ Persistence & Privilege

The skill is instruction-only and does not set always:true or request autonomous elevation. However, following the instructions will create files in the user's home (~/.config/mcporter) and install global binaries (npm -g) or system-wide tools via a remote installer, producing persistent system changes outside the agent. The skill itself does not declare persistent privileges, but its recommended actions do create persistent artifacts.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install mcp-protocol
After installation, invoke the skill by name or use /mcp-protocol
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

MCP Skill 1.0.0 – Initial Release - Introduces comprehensive setup and usage instructions for MCP (Model Context Protocol) server. - Covers installation, configuration, and validation of MCP with `mcporter`. - Provides sample config for MiniMax server, including visual understanding and web search usage. - Lists supported MCP packages and troubleshooting tips for common issues.

Metadata

Slug mcp-protocol

Version 1.0.0

License —

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is MCP协议配置?

配置和管理 MCP 服务器，实现 AI 调用外部工具如视觉理解和网络搜索的能力。 It is an AI Agent Skill for Claude Code / OpenClaw, with 745 downloads so far.

How do I install MCP协议配置?

Run "/install mcp-protocol" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is MCP协议配置 free?

Yes, MCP协议配置 is completely free (open-source). You can download, install and use it at no cost.

Which platforms does MCP协议配置 support?

MCP协议配置 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created MCP协议配置?

It is built and maintained by godzff (@godzff); the current version is v1.0.0.

More Skills