mcp-oauth 安全扫描报告 — 可信 | ClawSafe

0 /100

mcp-oauth

Add OAuth 2.0 PKCE authentication to a remote MCP server

This is a documentation-only skill providing OAuth 2.0 PKCE implementation templates for MCP servers. No executable code, scripts, or dangerous capabilities are present.

技能名称mcp-oauth

分析耗时15.8s

引擎pi

✓

可以安装

No action needed. This skill is safe to use as it only provides code templates and documentation.

2 项发现

🔗

中危外部 URL 外部 URL

https://your-domain.com

SKILL.md:49

🔗

中危外部 URL 外部 URL

https://upstream-service.com/authorize

SKILL.md:176

目录结构

2 文件 · 12.4 KB · 346 行

Markdown 1f · 331L JSON 1f · 15L

├─ ▾ 📁 evals

│ └─ 📋 evals.json JSON 15L · 931 B

└─ 📝 SKILL.md Markdown 331L · 11.5 KB

安全亮点

✓ Documentation-only skill with no executable code

✓ No shell, filesystem, network, or other sensitive tool access required

✓ Open source skill from known author (lucaperret) with MIT license

✓ Provides production-ready OAuth 2.0 PKCE patterns including proper redirect_uri validation

✓ Implements standard security practices: PKCE, short-lived tokens, secure random generation

✓ Includes proper session expiry (10 min for OAuth flow, 5 min for auth codes)