Use Model Context Protocol servers to access external tools and data sources. Enable AI agents to discover and execute tools from configured MCP servers (legal databases, APIs, database connectors, weather services, etc.).
Security Analysis
high confidenceThe plugin's code, docs, and runtime instructions are consistent with its stated purpose (connecting to MCP servers and proxying their tools); it does not request unexplained credentials, but it can connect to arbitrary servers and — if configured to do so — spawn local MCP processes and pass environment variables, so you must trust the servers and configuration you point it at.
Name/description, SKILL.md, README, config schema and code (http-transport.js, index.js) all implement an MCP HTTP/SSE transport, discovery (list) and invocation (call) of remote tools. The ability to call database, weather, legal services, etc. is coherent with the stated purpose. The config also supports a stdio transport (command, args, env) which is powerful but explainable (some MCP servers are local binaries).
Runtime instructions are narrowly focused: list available tools, inspect tool inputSchema, validate and construct calls, parse responses, chain calls, and handle errors. The SKILL.md and docs reference only OpenClaw config files (~/.openclaw/openclaw.json) and environment variables that are expected for configuring MCP servers. There are no instructions to read unrelated host files or exfiltrate data.
There is no registry install spec (instruction-only at registry level), which reduces automatic install risk. However the bundle includes Node.js code and README with manual install steps (git clone + npm install). That means if you follow the README and install the plugin it will write files and execute Node.js code under your OpenClaw instance. The code appears to only implement transport/management (no obfuscated downloads), but installing still grants it runtime ability to make network requests and spawn processes (via stdio transport) if configured.
The registry declares no required env vars, which is consistent. Documentation explains using environment variables (or an envFile) to provide API keys to specific MCP servers and allows per-server env settings for stdio transport. This is reasonable for integrating third‑party services, but it means secrets placed in OpenClaw config or passed into spawned MCP processes could be exposed to the remote servers — configure with care and avoid committing secrets in repo/config files.
The skill is not forced always-on (always:false) and uses the normal autonomous-invocation defaults. It does not request modification of other plugins or system-wide settings. Its persistence model (registered mcp tool, configured in openclaw.json) is typical for an OpenClaw plugin.
Guidance
This plugin appears to do what it says: expose MCP servers' tools to agents. Before installing or enabling it, consider the following: - Only configure servers you trust. The plugin will forward requests and responses to whatever URL/command you provide — a malicious or compromised MCP server can return harmful data or attempt to trick the agent. - Avoid placing secrets directly in repository files. Use environment variables stored securely (not committed to git) and prefer per-server env entries that you control. Remember the plugin can pass env values into spawned stdio processes. - Prefer HTTPS and restricted network scope for production servers. For initial testing, keep servers on localhost or an isolated network. - If you enable stdio transport (command to spawn a local MCP server), only use trusted binaries: that option lets the plugin spawn local processes with given env and args. - Limit agent access to the mcp tool via agent allowlists/denylist in OpenClaw if you want to restrict autonomous use. - When installing, run npm install and the plugin in a controlled environment (container or VM) first and review index.js and http-transport.js yourself; check OpenClaw logs after startup to see which servers and tools were registered. If you want additional assurance, provide the plugin's source to an internal reviewer or run it in an isolated instance and verify behavior before enabling on production agents.
Latest Release
v0.1.1
Initial release of openclaw-mcp-plugin. - Adds core plugin implementation with unified `mcp` tool and `list`/`call` actions. - Provides example configuration and transport modules. - Includes usage guide and integration documentation. - Supports discovery and invocation of tools from configured MCP servers.
Popular Skills
Published by @lunarpulse on ClawHub
