20c4fe823c
* fix(skill): enhance git-worktree-manager with scripts, references, and Anthropic best practices * fix(skill): enhance mcp-server-builder with scripts, references, and Anthropic best practices * fix(skill): enhance changelog-generator with scripts, references, and Anthropic best practices * fix(skill): enhance ci-cd-pipeline-builder with scripts, references, and Anthropic best practices * fix(skill): enhance prompt-engineer-toolkit with scripts, references, and Anthropic best practices * docs: update README, CHANGELOG, and plugin metadata * fix: correct marketing plugin count, expand thin references --------- Co-authored-by: Leo <leo@openclaw.ai>
1.3 KiB
1.3 KiB
MCP Validation Checklist
Structural Integrity
- Tool names are unique across the manifest
- Tool names use lowercase snake_case (3-64 chars,
[a-z0-9_]) inputSchema.typeis always"object"- Every
requiredfield exists inproperties - No empty
propertiesobjects (warn if inputs truly optional)
Descriptive Quality
- All tools include actionable descriptions (≥10 chars)
- Descriptions start with a verb ("Create…", "Retrieve…", "Delete…")
- Parameter descriptions explain expected values, not just types
Security & Safety
- Auth tokens and secrets are NOT exposed in tool schemas
- Destructive tools require explicit confirmation input parameters
- No tool accepts arbitrary URLs or file paths without validation
- Outbound host allowlists are explicit where applicable
Versioning & Compatibility
- Breaking tool changes use new tool IDs (never rename in-place)
- Additive-only changes for non-breaking updates
- Contract changelog is maintained per release
- Deprecated tools include sunset timeline in description
Runtime & Error Handling
- Error responses use consistent structure (
code,message,details) - Timeout and rate-limit behaviors are documented
- Large response payloads are paginated or truncated