← Back to directory
Public SkillWarnings

mcp-builder

anthropics

Guide for creating high-quality MCP (Model Context Protocol) servers that enable LLMs to interact with external services through well-designed tools. Use when building MCP servers to integrate external APIs or services, whether in Python (FastMCP) or Node/TypeScript (MCP SDK).

Security Summary

This skill includes a SKILL.md descriptor and ships with scripts. Security observation: references external URL.

Source
GitHub
Last Scanned
May 1, 2026
License
Complete terms in LICENSE.txt

Evidence Index

security3
best practices4
description2
evals1
scripts3
structure3

Category

security

References external URL — review for indirect prompt injection risk

Vettd coreOWASP LLM03

External URL(s) detected in SKILL.md — referenced content can change after audit

warn

No prompt injection or jailbreak signals detected

Vettd core

Scanned text content for instruction override, jailbreak framing, credential solicitation, and embedded injection markers

pass

No secrets or unsafe code patterns detected

Vettd core

Scanned all files for credentials, private keys, and code-level risks (eval, shell exec, destructive ops)

pass

Category

best practices

Examples included

Vettd core

Found code blocks, input/output samples, or an examples section — concrete samples help agents pattern-match effectively

pass

Progressive disclosure used

Vettd core

SKILL.md body references files in references/, scripts/, or assets/ — agents can load additional context on demand instead of consuming everything upfront

pass

SKILL.md body length is reasonable

Vettd core

231 lines (recommended: under 500)

pass

Step-by-step workflow found

Vettd core

Structured procedures improve reliability for complex tasks

pass

Category

description

Description includes usage context

Vettd core

Good: description explains when to activate the skill

pass

Description within character limit

Vettd core

277/1024 characters used

pass

Category

evals

No evaluation test cases

Vettd core

Add an evals/ directory with test prompts and expected outputs to measure skill quality

warn

Category

scripts

scripts/connections.py: No --help support

Vettd core

Add argument parsing with --help output so agents know the script's interface

warn

scripts/evaluation.py: CLI help supported

Vettd core

Script documents its interface via --help or argument parsing

pass

scripts/evaluation.py: Structured output format

Vettd core

Uses JSON/CSV output which is easily parseable by agents

pass

Category

structure

scripts/ directory present

Vettd core

Bundled executable scripts found

pass

SKILL.md present

Vettd core

Required skill definition file found

pass

Valid name field

Vettd core

Name "mcp-builder" follows spec (lowercase, hyphens, ≤64 chars)

pass