← Back to Skills Marketplace
859
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install unique-mcp-builder-test
Description
Guide for creating high-quality MCP (Model Context Protocol) servers that enable LLMs to interact with external services through well-designed tools. Use when building MCP servers to integrate external APIs or services, whether in Python (FastMCP) or Node/TypeScript (MCP SDK).
Usage Guidance
This package contains helpful MCP server docs but also runnable evaluation scripts that will call an external LLM (Anthropic) and require Python MCP client libraries. Before installing or running: 1) Review scripts/evaluation.py and scripts/connections.py to understand what data will be sent to external services — the evaluation deliberately forwards tool inputs/outputs to Anthropic, so any data returned by your MCP server may be transmitted off-host. 2) Install dependencies in a controlled environment (the repo includes scripts/requirements.txt but no install spec). 3) Expect to provide an Anthropic API key (e.g., ANTHROPIC_API_KEY) and possibly other credentials when running evaluations — these are not declared in the skill metadata. 4) If you plan to evaluate sensitive systems, run the harness in an isolated environment or modify it to use a local LLM / disable external calls. 5) If you want to proceed, add explicit install and environment variable documentation (or patch the SKILL.md) and audit the code for any endpoints/telemetry you don't want to expose.
Capability Analysis
Type: OpenClaw Skill
Name: unique-mcp-builder-test
Version: 0.1.0
The skill bundle is classified as suspicious due to significant Remote Code Execution (RCE) and Server-Side Request Forgery (SSRF) vulnerabilities present in `scripts/evaluation.py` and `scripts/connections.py`. The `evaluation.py` script is designed to execute arbitrary commands and make network requests to user-specified targets (via command-line arguments like `--command` and `--url`) for evaluating MCP servers. While this functionality is intended for evaluation, it poses a critical risk if the script is run with untrusted inputs. Additionally, `SKILL.md` instructs the AI agent to use `WebFetch` to load documentation from `raw.githubusercontent.com` and generally use 'web search and WebFetch as needed,' introducing a supply chain risk. There is no clear evidence of intentional malicious behavior within the skill bundle itself, such as data exfiltration or backdoor installation.
Capability Assessment
Purpose & Capability
The name/description claim this is a guide for building MCP servers — the included reference docs and code align with that. However, the shipped scripts implement an evaluation harness that calls an external LLM (Anthropic) and requires the 'mcp' client libraries. The skill metadata declares no required env vars, binaries, or install steps despite code that needs external Python packages and an LLM API key. Requiring an LLM client and MCP runtime libraries is plausible for an evaluation tool, but the manifest/README do not declare these needs (mismatch between claimed purpose and undeclared runtime requirements).
Instruction Scope
SKILL.md and reference docs focus on building MCP servers (fine), but scripts/evaluation.py will forward tool usage, tool inputs, and tool outputs to the Anthropics API as part of the evaluation prompt (EVALUATION_PROMPT explicitly asks for tool inputs/outputs and summaries). That means potentially sensitive data returned by the MCP server (tool results) would be transmitted to an external LLM provider during evaluation. The SKILL.md does not explicitly warn that evaluation runs will send this data externally. The instructions also instruct use of WebFetch to remote docs and raw GitHub content, which is reasonable but implies outbound network access.
Install Mechanism
The skill has no install spec, yet repository contains Python scripts and a scripts/requirements.txt implying dependencies (mcp client libraries, anthropic, httpx, etc.). Without an install mechanism, an agent or user would have to install dependencies manually. This is an incoherence between the deliverables (runnable code) and the declared install footprint (none). Lack of declared install steps increases the chance that code will fail or that a user will install packages ad-hoc from PyPI without guidance.
Credentials
The code imports and instantiates an Anthropic client (Anthropic()) which typically requires an ANTHROPIC_API_KEY environment variable or similar credential, but the skill declares no required environment variables or primary credential. The connection helpers accept environment dicts and the evaluation harness will contact external endpoints. Requiring an LLM API key (and possibly other service credentials for target MCP servers) is proportionate to running an evaluation harness, but it is not declared in the metadata — a transparency gap and a risk of surprise credential usage.
Persistence & Privilege
always:false and no persistent installation steps are declared. The skill does not request permanent inclusion or attempt to modify other skills or system-wide agent settings. However, because the evaluation harness can be invoked autonomously and will call external services, that autonomous capability combined with the other concerns increases the blast radius — mentionable but not a configuration error by itself.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install unique-mcp-builder-test - After installation, invoke the skill by name or use
/unique-mcp-builder-test - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
- Initial release of MCP server development guide.
- Covers research, planning, implementation, review/testing, and evaluation phases.
- Includes recommendations for API coverage, tool design, naming, and error handling.
- Provides language-specific tips for TypeScript and Python MCP servers.
- Describes best practices for tool schema, output formatting, and actionable errors.
- Offers guidance for creating MCP server evaluations and includes example output formats.
Metadata
Frequently Asked Questions
What is Mcp Builder test?
Guide for creating high-quality MCP (Model Context Protocol) servers that enable LLMs to interact with external services through well-designed tools. Use when building MCP servers to integrate external APIs or services, whether in Python (FastMCP) or Node/TypeScript (MCP SDK). It is an AI Agent Skill for Claude Code / OpenClaw, with 859 downloads so far.
How do I install Mcp Builder test?
Run "/install unique-mcp-builder-test" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Mcp Builder test free?
Yes, Mcp Builder test is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Mcp Builder test support?
Mcp Builder test is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Mcp Builder test?
It is built and maintained by uniquevme (@uniquevme); the current version is v0.1.0.
More Skills