Trusted - risk score 5/100
Last scanned: 20 hours ago
mcp-builder
Guide for creating high-quality MCP (Model Context Protocol) servers
This is a legitimate MCP server development guide skill with no security issues - it's a documentation and guidance tool with no malicious behavior.
Skill name: mcp-builder
Analysis time: 31.3s
Engine: pi
Safe to install
This skill is safe to use. No action required.

Security findings: 1

Severity: Low
Finding: Dependencies not version pinned (supply chain)
requirements.txt uses loose version constraints (>=) for anthropic and mcp packages. While not malicious, version pinning would improve reproducibility and prevent potential supply chain issues.
anthropic>=0.39.0
mcp>=1.1.0
→ Pin exact versions in production use (e.g., anthropic==0.39.0) to ensure consistent behavior
Location: scripts/requirements.txt:1
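
| Resource type | Declared permission | Inferred permission | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Consistent | SKILL.md: Read local documentation and reference files |
| Network access | READ | READ | ✓ Consistent | SKILL.md: Fetch SDK documentation from GitHub URLs |
| Command execution | WRITE | WRITE | ✓ Consistent | scripts/evaluation.py: Execute local MCP servers for testing |
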
5 findings

| Severity | Type | URL | Location |
|---|---|---|---|
| Medium | External URL | http://www.apache.org/licenses/ | LICENSE.txt:4 |
| Medium | External URL | http://www.apache.org/licenses/LICENSE-2.0 | LICENSE.txt:196 |
| Medium | External URL | https://modelcontextprotocol.io/sitemap.xml | SKILL.md:41 |
| Medium | External URL | https://modelcontextprotocol.io/specification/draft.md | SKILL.md:43 |
| Medium | External URL | https://api.example.com/v1 | reference/node_mcp_server.md:601 |

Directory structure

11 files · 119.1 KB · 3528 lines
Markdown 5f · 2773L | Python 2f · 524L | Text 2f · 203L | XML 1f · 22L | JSON 1f · 6L
├─ 📁 reference
│ ├─ 📝 evaluation.md Markdown 601L · 21.2 KB
│ ├─ 📝 mcp_best_practices.md Markdown 249L · 7.2 KB
│ ├─ 📝 node_mcp_server.md Markdown 969L · 27.9 KB
│ └─ 📝 python_mcp_server.md Markdown 718L · 24.5 KB
├─ 📁 scripts
│ ├─ 🐍 connections.py Python 151L · 4.8 KB
│ ├─ 🐍 evaluation.py Python 373L · 12.3 KB
│ ├─ 📄 example_evaluation.xml XML 22L · 1.2 KB
│ └─ 📄 requirements.txt Text 2L · 29 B
├─ 📋 .openskills.json JSON 6L · 191 B
├─ 📄 LICENSE.txt Text 201L · 11.1 KB
└─ 📝 SKILL.md Markdown 236L · 8.9 KB

Dependency analysis: 2 items

| Package | Version | Source | Known vulnerabilities | Notes |
|---|---|---|---|---|
| anthropic | >=0.39.0 | pip | | Version not pinned |
| mcp | >=1.1.0 | pip | | Version not pinned |

Security highlights

✓ Clean codebase with no obfuscation or suspicious patterns
✓ Documentation accurately describes all functionality
✓ No credential theft, data exfiltration, or reverse shell attempts
✓ Uses official MCP SDK (mcp package)
✓ Well-structured code with proper error handling
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)
✓ Shell execution is scoped to launching local MCP servers for evaluation