Mcp Builder test

Author: uniquevme · GitHub ↗ · v0.1.0
cross-platform ⚠ suspicious
Total downloads: 859
Favorites: 0
Current installs: 1
Versions: 1
Install in OpenClaw
/install unique-mcp-builder-test
Description
Guide for creating high-quality MCP (Model Context Protocol) servers that enable LLMs to interact with external services through well-designed tools. Use when building MCP servers to integrate external APIs or services, whether in Python (FastMCP) or Node/TypeScript (MCP SDK).
Security Usage Recommendations
This package contains helpful MCP server docs but also runnable evaluation scripts that will call an external LLM (Anthropic) and require Python MCP client libraries. Before installing or running:
  1. Review scripts/evaluation.py and scripts/connections.py to understand what data will be sent to external services — the evaluation deliberately forwards tool inputs/outputs to Anthropic, so any data returned by your MCP server may be transmitted off-host.
  2. Install dependencies in a controlled environment (the repo includes scripts/requirements.txt but no install spec).
  3. Expect to provide an Anthropic API key (e.g., ANTHROPIC_API_KEY) and possibly other credentials when running evaluations — these are not declared in the skill metadata.
  4. If you plan to evaluate sensitive systems, run the harness in an isolated environment or modify it to use a local LLM / disable external calls.
  5. If you want to proceed, add explicit install and environment variable documentation (or patch the SKILL.md) and audit the code for any endpoints/telemetry you don't want to expose.
Functional Analysis
Type: OpenClaw Skill
Name: unique-mcp-builder-test
Version: 0.1.0

The skill bundle is classified as suspicious due to significant Remote Code Execution (RCE) and Server-Side Request Forgery (SSRF) vulnerabilities present in `scripts/evaluation.py` and `scripts/connections.py`. The `evaluation.py` script is designed to execute arbitrary commands and make network requests to user-specified targets (via command-line arguments like `--command` and `--url`) for evaluating MCP servers. While this functionality is intended for evaluation, it poses a critical risk if the script is run with untrusted inputs. Additionally, `SKILL.md` instructs the AI agent to use `WebFetch` to load documentation from `raw.githubusercontent.com` and generally use 'web search and WebFetch as needed,' introducing a supply chain risk. There is no clear evidence of intentional malicious behavior within the skill bundle itself, such as data exfiltration or backdoor installation.
Capability Assessment
Purpose & Capability
The name/description claim this is a guide for building MCP servers — the included reference docs and code align with that. However, the shipped scripts implement an evaluation harness that calls an external LLM (Anthropic) and requires the 'mcp' client libraries. The skill metadata declares no required env vars, binaries, or install steps despite code that needs external Python packages and an LLM API key. Requiring an LLM client and MCP runtime libraries is plausible for an evaluation tool, but the manifest/README do not declare these needs (mismatch between claimed purpose and undeclared runtime requirements).
Instruction Scope
SKILL.md and reference docs focus on building MCP servers (fine), but scripts/evaluation.py will forward tool usage, tool inputs, and tool outputs to the Anthropic API as part of the evaluation prompt (EVALUATION_PROMPT explicitly asks for tool inputs/outputs and summaries). That means potentially sensitive data returned by the MCP server (tool results) would be transmitted to an external LLM provider during evaluation. The SKILL.md does not explicitly warn that evaluation runs will send this data externally. The instructions also direct the agent to use WebFetch to load remote docs and raw GitHub content, which is reasonable but implies outbound network access.
Install Mechanism
The skill has no install spec, yet repository contains Python scripts and a scripts/requirements.txt implying dependencies (mcp client libraries, anthropic, httpx, etc.). Without an install mechanism, an agent or user would have to install dependencies manually. This is an incoherence between the deliverables (runnable code) and the declared install footprint (none). Lack of declared install steps increases the chance that code will fail or that a user will install packages ad-hoc from PyPI without guidance.
Credentials
The code imports and instantiates an Anthropic client (Anthropic()) which typically requires an ANTHROPIC_API_KEY environment variable or similar credential, but the skill declares no required environment variables or primary credential. The connection helpers accept environment dicts and the evaluation harness will contact external endpoints. Requiring an LLM API key (and possibly other service credentials for target MCP servers) is proportionate to running an evaluation harness, but it is not declared in the metadata — a transparency gap and a risk of surprise credential usage.
Persistence & Privilege
always:false and no persistent installation steps are declared. The skill does not request permanent inclusion or attempt to modify other skills or system-wide agent settings. However, because the evaluation harness can be invoked autonomously and will call external services, that autonomous capability combined with the other concerns increases the blast radius. This is worth noting but is not a configuration error by itself.
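How to Use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install unique-mcp-builder-test
  3. Once installation completes, call the Skill by name or use /unique-mcp-builder-test to trigger it
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version History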
v0.1.0
- Initial release of MCP server development guide.
- Covers research, planning, implementation, review/testing, and evaluation phases.
- Includes recommendations for API coverage, tool design, naming, and error handling.
- Provides language-specific tips for TypeScript and Python MCP servers.
- Describes best practices for tool schema, output formatting, and actionable errors.
- Offers guidance for creating MCP server evaluations and includes example output formats.
Metadata
Slug unique-mcp-builder-test
Version 0.1.0
License
Total installs 1
Current installs 1
Historical versions 1
FAQ

What is Mcp Builder test?

Guide for creating high-quality MCP (Model Context Protocol) servers that enable LLMs to interact with external services through well-designed tools. Use when building MCP servers to integrate external APIs or services, whether in Python (FastMCP) or Node/TypeScript (MCP SDK). It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 859 cumulative downloads so far.

How do I install Mcp Builder test?

Run the command "/install unique-mcp-builder-test" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is required.

Is Mcp Builder test free?

Yes, Mcp Builder test is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Mcp Builder test support?

Mcp Builder test runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Mcp Builder test?

Developed and maintained by uniquevme (@uniquevme); the current version is v0.1.0.
