mcp-builder
Build MCP servers for LLM tool integrations
Also available from: 92Bilal26,92Bilal26,anthropics,Azeem-2,AutumnsGrove,Doyajin174,DYAI2025,YYH211,Cam10001110101,mcp-use,ComposioHQ,davila7
Creating MCP servers from scratch requires understanding protocol specs, SDK patterns, and evaluation methods. This skill provides a structured four-phase workflow for building production-ready MCP servers with proper tool design, input validation, and comprehensive testing. It includes reference implementations for Python and TypeScript, evaluation frameworks, and security best practices.
Download the skill ZIP
Upload in Claude
Go to Settings → Capabilities → Skills → Upload skill
Toggle on and start using
Test it
Using "mcp-builder". Help me create an MCP server for the GitHub API with tools for listing repositories and creating issues.
Expected outcome:
- ## Phase 1: Research and Planning
- First, I need to gather information about the GitHub API and MCP protocol:
- 1. Fetch the MCP protocol documentation from modelcontextprotocol.io
- 2. Load the Python SDK README from the modelcontextprotocol/python-sdk repository
- 3. Study the GitHub REST API documentation for endpoints needed
- Based on the mcp-builder skill guidance, I'll design tools that:
- - Consolidate related operations into workflow-focused tools
- - Use human-readable identifiers over opaque IDs
- - Provide concise and detailed response format options
Using "mcp-builder". Add a search_issues tool to my existing GitHub MCP server
Expected outcome:
- ## Adding the search_issues tool
- Using the Python FastMCP pattern, I'll create a tool with:
- - Pydantic input model with validation constraints
- - Annotations for readOnlyHint and idempotentHint
- - Proper error handling with actionable messages
- - Pagination support for large result sets
Security Audit
Low RiskThis is a documentation guidance skill for building MCP servers. The static analyzer flagged 599 potential issues, but ALL findings are FALSE POSITIVES. The 'weak cryptographic algorithm' detections in documentation files are pattern matches on words like 'md5' appearing in text/code examples. The 'external command' findings are documentation examples showing how to run MCP servers for testing (e.g., 'python server.py'). Environment variable access is standard practice for API authentication configuration. The critical heuristic about 'Code execution + Network + Credential access' is a false positive - this is legitimate documentation that naturally involves all three patterns for building and testing MCP servers. No malicious intent, data exfiltration, or harmful patterns detected.
Risk Factors
⚡ Contains scripts (2)
🌐 Network access (2)
📁 Filesystem access (2)
🔑 Env variables (2)
⚙️ External commands (2)
Quality Score
What You Can Build
Integrate external services
Build MCP servers that expose external APIs as tools for LLMs, following best practices for naming, validation, and error handling.
Test MCP server quality
Create and run evaluation suites that test whether LLMs can effectively use your MCP server tools to complete real-world tasks.
Design agent-friendly tools
Design tools that optimize for limited context windows, provide actionable errors, and enable complete workflows rather than just API calls.
Try These Prompts
Help me create an MCP server to integrate with the GitHub API. I want to build tools for listing repositories and creating issues. Follow the four-phase workflow in the mcp-builder skill.
Add a new tool called github_search_issues to my existing MCP server. It should search for issues by keyword and status. Use the patterns from the Python implementation guide.
Create an evaluation file for my MCP server and run it using the evaluation harness. The evaluation should test read-only operations that require multiple tool calls.
Review my MCP server implementation against the quality checklist. Check that tools follow naming conventions and have proper input validation with Pydantic.
Best Practices
- Design tools for complete workflows, not just individual API endpoints. Consolidate related operations to reduce tool calls.
- Use input validation (Pydantic for Python, Zod for TypeScript) with clear constraints and descriptive error messages.
- Create evaluations with realistic, read-only questions that require multiple tool calls and verify answers through string comparison.
Avoid
- Don't simply wrap every API endpoint as a separate tool. This creates tool sprawl and forces LLMs to make many calls.
- Avoid returning exhaustive data dumps. Implement character limits and truncation with guidance on filtering results.
- Do not skip evaluation. Without testing how LLMs actually use your tools, you cannot measure or improve quality.