← 返回 Skills 市场
engsathiago

Mcp Server Scanner

作者 engsathiago · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
108
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install mcp-server-scanner
功能描述
Scans and assesses MCP servers for vulnerabilities, insecure configs, data exposure, and compliance with SOC 2, GDPR, and ISO 27001 standards.
安全使用建议
This skill's goals (discovering MCP servers, finding hardcoded secrets, scanning configs and network) imply access to sensitive system files and network traffic, but the package declares no required credentials, binaries, or file paths and gives only vague instructions. Before installing or invoking it: 1) Ask the author for source code or a trustworthy homepage and for an explicit list of files/paths, network ranges, and credentials the skill will access. 2) Require the skill to declare required env vars and exact commands it will run, or reject it. 3) Run any scan in an isolated/test environment and with written authorization for the scope. 4) Avoid granting the agent network access or secrets without tight controls; prefer skills with verifiable provenance. If the author cannot provide clear, scoped details, treat this skill as high-risk and do not run it against production systems.
功能分析
Type: OpenClaw Skill Name: mcp-server-scanner Version: 1.0.0 The skill bundle contains no executable code and relies entirely on instructions in SKILL.md to direct the AI agent to perform high-risk reconnaissance. It tasks the agent with searching for hardcoded secrets, PII, and configuration files across the environment under the guise of a 'security scan.' This pattern is characteristic of a prompt-injection attack designed to trick an agent into exposing sensitive environment data through its output without providing any actual scanning logic.
能力评估
Purpose & Capability
The SKILL.md describes discovery (finding MCP servers and agent configs), secret detection, network/TLS checks, and compliance mapping — tasks that normally require access to network scanning tools, host/config paths, or API credentials. Yet the skill declares no required binaries, no config paths, and no environment variables. That mismatch (claiming intrusive capabilities but requesting no explicit access) is unexplained and disproportionate.
Instruction Scope
The runtime instructions are high-level and open-ended: they tell the agent to 'run discovery and security scan' but provide no concrete, scoped commands or limits. Because the doc grants broad authority implicitly, it could lead the agent to read arbitrary config files, network endpoints, or secrets unless constrained. There are no explicit allowed paths, endpoints, or safeguards.
Install Mechanism
No install spec and no code files beyond a minimal package.json — this is instruction-only, so nothing will be downloaded or written to disk by the skill itself. That lowers direct supply-chain risk.
Credentials
The skill requests no environment variables or credentials, yet its stated behavior (detecting hardcoded secrets, mapping agent configs, assessing retention and PII exposure) would normally require access to sensitive data and possibly service credentials. The lack of declared required credentials or explicit data sources is disproportionate and unclear.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system changes. It can be invoked by the agent (normal default). While autonomous invocation is allowed by default, this alone is not flagged; however, autonomous runs combined with the above ambiguities increase the risk surface.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install mcp-server-scanner
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /mcp-server-scanner 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
MCP Server Scanner 1.0.0 – Initial Release - Scans MCP servers for vulnerabilities, configuration issues, and data leakage risks. - Discovers all MCP servers in your environment and maps agent configurations. - Assesses security controls such as authentication, encryption, and privilege scopes. - Audits for hardcoded secrets, TLS certificate validity, and insecure defaults. - Analyzes data flows to identify exposure of PII/SPII and compliance risks. - Generates detailed reports: server inventory, risk assessment, remediation steps, and compliance status.
元数据
Slug mcp-server-scanner
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Mcp Server Scanner 是什么?

Scans and assesses MCP servers for vulnerabilities, insecure configs, data exposure, and compliance with SOC 2, GDPR, and ISO 27001 standards. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 108 次。

如何安装 Mcp Server Scanner?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install mcp-server-scanner」即可一键安装,无需额外配置。

Mcp Server Scanner 是免费的吗?

是的,Mcp Server Scanner 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Mcp Server Scanner 支持哪些平台?

Mcp Server Scanner 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Mcp Server Scanner?

由 engsathiago(@engsathiago)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论