      echology-io

      Safety Report

      Decompose Mcp

      @echology-io

      Decompose any text into classified semantic units — authority, risk, attention, entities. No LLM. Deterministic.

      386 Downloads
      0 Installs
      0 Stars
      3 Versions
      AI & Machine Learning 1,383

      Security Analysis

      medium confidence
      Suspicious · 0.08 risk

      The skill's declared purpose and requirements mostly line up (local text decomposition + optional URL fetch), but several runtime claims (SSRF protections, fully local behavior) rely on external, install-time code (a PyPI package) that this manifest can't verify — so proceed with caution and audit the package before trusting network-enabled use.

      Feb 15, 2026 · 2 files · 2 concerns
      Purpose & Capability: ok

      Name/description, declared binaries (python3), and the provided tools (decompose_text, decompose_url) are coherent: a Python-based decomposition tool reasonably needs Python and may need network for URL fetching. No unrelated credentials or unusual binaries are requested.

      Instruction Scope: note

      SKILL.md stays within the stated purpose: it shows how to install the package, configure an MCP server, and use text- vs URL-based tools. However, it instructs the user to run a local MCP server (python -m decompose --serve), which starts one or more processes on the host and may accept local network connections. The doc claims SSRF protection and wholly local text processing for decompose_text; these are implementation details that the doc references but that cannot be validated from the instruction-only package. The agent instructions do not ask for unrelated files or secrets.

      Install Mechanism: note

      Install uses pip (uv) to fetch a PyPI package (decompose-mcp). Pulling from PyPI is common but executes third-party code on the host; this is a moderate-risk install mechanism because the actual package contents are not included here. The SKILL.md links to a GitHub repo (good for audit), but the skill bundle itself provides no code to verify the claims.

      Credentials: ok

      No environment variables or credentials are requested. The only declared permission is 'network', which matches the documented decompose_url functionality and is appropriately scoped in the manifest. No other secrets or unrelated service tokens are required.

      Persistence & Privilege: ok

      always:false (normal). The skill suggests adding an MCP server entry to your OpenClaw config (a user action), but does not request forced inclusion or modification of other skills. Running a local service is normal for MCP patterns but increases runtime footprint.

      Guidance

      This skill appears to do what it says, but the runtime behavior depends on a PyPI package you must install. Before installing or enabling network-enabled features:

      1) Inspect the referenced GitHub repo and the exact PyPI release (verify source-to-package integrity and review code, especially URL fetch and SSRF logic).
      2) Prefer using decompose_text only if you do not need URL fetching (that avoids outbound requests).
      3) Run the package in a sandboxed environment or ephemeral container first to observe network behavior.
      4) Pin to a specific package version and review its PyPI release metadata.
      5) If you will enable the MCP server, restrict its network exposure (bind to localhost only) and review firewall rules.

      If you cannot audit the package source or verify the SSRF protections, treat network-enabled usage as higher risk.

      Latest Release

      v0.1.2

      Fix security claims per audit: clarify network behavior, add SSRF blocklist details, add supply-chain traceability


      Published by @echology-io on ClawHub
