3d9d1d2d92
* docs: restructure README.md — 2,539 → 209 lines (#247) - Cut from 2,539 lines / 73 sections to 209 lines / 18 sections - Consolidated 4 install methods into one unified section - Moved all skill details to domain-level READMEs (linked from table) - Front-loaded value prop and keywords for SEO - Added POWERFUL tier highlight section - Added skill-security-auditor showcase section - Removed stale Q4 2025 roadmap, outdated ROI claims, duplicate content - Fixed all internal links - Clean heading hierarchy (H2 for main sections only) Closes #233 Co-authored-by: Leo <leo@openclaw.ai> * fix: enhance 5 skills with scripts, references, and Anthropic best practices (#248) * fix(skill): enhance git-worktree-manager with scripts, references, and Anthropic best practices * fix(skill): enhance mcp-server-builder with scripts, references, and Anthropic best practices * fix(skill): enhance changelog-generator with scripts, references, and Anthropic best practices * fix(skill): enhance ci-cd-pipeline-builder with scripts, references, and Anthropic best practices * fix(skill): enhance prompt-engineer-toolkit with scripts, references, and Anthropic best practices * docs: update README, CHANGELOG, and plugin metadata * fix: correct marketing plugin count, expand thin references --------- Co-authored-by: Leo <leo@openclaw.ai> --------- Co-authored-by: Leo <leo@openclaw.ai>
31 lines
1.3 KiB
Markdown
31 lines
1.3 KiB
Markdown
# MCP Validation Checklist
|
|
|
|
## Structural Integrity
|
|
- [ ] Tool names are unique across the manifest
|
|
- [ ] Tool names use lowercase snake_case (3-64 chars, `[a-z0-9_]`)
|
|
- [ ] `inputSchema.type` is always `"object"`
|
|
- [ ] Every `required` field exists in `properties`
|
|
- [ ] No empty `properties` objects (warn if inputs truly optional)
|
|
|
|
## Descriptive Quality
|
|
- [ ] All tools include actionable descriptions (≥10 chars)
|
|
- [ ] Descriptions start with a verb ("Create…", "Retrieve…", "Delete…")
|
|
- [ ] Parameter descriptions explain expected values, not just types
|
|
|
|
## Security & Safety
|
|
- [ ] Auth tokens and secrets are NOT exposed in tool schemas
|
|
- [ ] Destructive tools require explicit confirmation input parameters
|
|
- [ ] No tool accepts arbitrary URLs or file paths without validation
|
|
- [ ] Outbound host allowlists are explicit where applicable
|
|
|
|
## Versioning & Compatibility
|
|
- [ ] Breaking tool changes use new tool IDs (never rename in-place)
|
|
- [ ] Additive-only changes for non-breaking updates
|
|
- [ ] Contract changelog is maintained per release
|
|
- [ ] Deprecated tools include sunset timeline in description
|
|
|
|
## Runtime & Error Handling
|
|
- [ ] Error responses use consistent structure (`code`, `message`, `details`)
|
|
- [ ] Timeout and rate-limit behaviors are documented
|
|
- [ ] Large response payloads are paginated or truncated
|