Scan Report
0 /100
mcp-best-practices
Build production MCP servers with the TypeScript SDK. Covers spec 2025-11-25, SDK v1.28+/v2, transport selection, tool design, error handling, security, performance, and known bugs with workarounds.
Pure documentation skill containing only markdown reference material about MCP server best practices with no executable code, scripts, or potentially dangerous patterns.
Safe to install
No action needed. This skill is safe to use.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No file operations in skill |
| Network | NONE | NONE | — | No network calls in skill |
| Shell | NONE | NONE | — | No shell execution in skill |
| Environment | NONE | NONE | — | No env access in skill |
| Skill Invoke | NONE | NONE | — | Documentation reference only |
| Clipboard | NONE | NONE | — | No clipboard access in skill |
| Browser | NONE | NONE | — | No browser access in skill |
| Database | NONE | NONE | — | No database access in skill |
2 findings
Medium External URL 外部 URL
https://www.apache.org/licenses/ LICENSE.txt:3 Medium External URL 外部 URL
https://spec.modelcontextprotocol.io SKILL.md:16 File Tree
6 files · 60.4 KB · 1594 lines Markdown 5f · 1432L
Text 1f · 162L
├─
▾
references
│ ├─
error-handling.md
Markdown
│ ├─
tool-schema-guide.md
Markdown
│ ├─
transport-patterns.md
Markdown
│ └─
v2-migration.md
Markdown
├─
LICENSE.txt
Text
└─
SKILL.md
Markdown
Security Positives
✓ Pure markdown documentation - no executable code
✓ No scripts or shell commands present
✓ No credential harvesting or sensitive data access
✓ No network calls or data exfiltration
✓ No base64 payloads or encoded commands
✓ No hidden instructions or steganographic content
✓ Legitimate external references to official MCP specification
✓ Apache 2.0 open source license
✓ Contains security best practices and threat mitigation guidance