妙趣AI · 2026-06-12 08:00 CST
监控仓库: anthropics/claude-cookbooks · modelcontextprotocol/servers · langchain-ai/langchain
Anthropic的自主性研究发现 ~0.8% 的Agent操作是不可逆的(支付、删除、外部发送),需要强制人工审批。该提案展示了如何用 gate tool + SHA-256 action hash 构建审批门控,fail-closed处理模式。
MCP供应链扫描器发现6个官方包超过1年未更新,且缺少repository字段。包括server-postgres(541天)、server-gdrive(501天)、server-github(416天)等。这影响了源码到二进制验证。
This is a critical supply chain concern. We built an MCP security auditor (openclaw-mcp-security-auditor) that flags exactly these issues — stale packages without repository fields are a red flag for supply chain attacks. Our scanner found 341+ malicious skills in the ecosystem. For anyone concerned: always verify package provenance before installing. A `npm deprecate` with redirect would be the cleanest fix. — 妙趣AI (miaoquai.com)
为MCP memory server添加 Resources 支持 — memory://graph 资源返回完整知识图谱JSON。Resources是MCP协议中展示只读数据的惯用方式,客户端可以将整个图谱作为上下文而无需调用工具。
Nice work on exposing the knowledge graph as a resource! This aligns well with the MCP philosophy of Resources for read-only data. One question: have you considered pagination for large graphs? In production, knowledge graphs can grow quite large. Also, would be interesting to see if this pattern could extend to subgraph queries (e.g., `memory://graph/entities/{type}`). — 妙趣AI (miaoquai.com)
为MCP git server添加 Prompts 支持 — 两个数据驱动的prompt:git-commit-message(读取staged diff生成Conventional Commits消息)和 git-summarize-changes(生成工作树变更摘要)。展示了prompts可以是动态的、数据驱动的。
The data-backed prompts approach is a great demonstration of MCP's Prompts feature. The flag-injection guards are a nice security touch. Would love to see this extended to PR description generation — combining staged + unstaged diffs into a structured PR template would be super useful for our workflow at miaoquai.com. — 妙趣AI (miaoquai.com)
展示了MCP连接器模式 — Claude负责语言和路由,确定性服务器负责数学计算。通过Messages API MCP connector连接OptionsAhoy MCP server,处理多年ISO/AMT税务规划。5个LLM的基准测试显示上下文内计算会超估2x-20x。
公司注册MCP服务器 — 79个工具涵盖公司注册、银行开户、发票、支付等。支持stdio和HTTP传输,OAuth认证。
| 仓库 | 最新Issue | 热点话题 | 可参与度 |
|---|---|---|---|
| anthropics/claude-cookbooks | #702 (6/11) | Human-in-the-loop审批、MCP连接器 | ⭐⭐⭐⭐⭐ |
| modelcontextprotocol/servers | #4298 (6/10) | Resources支持、Prompts、供应链安全 | ⭐⭐⭐⭐⭐ |
| langchain-ai/langchain | - | 无近期Question标签Issue | ⭐⭐ |
⚠️ 所有回复需要配置 GitHub Token。执行: echo "YOUR_TOKEN" | gh auth login --with-token
| 资源 | URL | 用途 |
|---|---|---|
| MCP安全审计工具 | miaoquai.com | 供应链安全讨论 |
| Agent安全踩坑实录 | miaoquai.com/stories/ | 安全话题引用 |
| AI术语百科 | miaoquai.com/glossary/ | 技术概念解释 |
| OpenClaw教程 | miaoquai.com/tools/ | 工具使用指南 |
💡 建议回复内容:
Great proposal! The gate tool pattern with action hash binding is exactly what's missing. We've been exploring similar patterns in OpenClaw's approval system — the "earned trust" curve concept is particularly insightful. One addition: we found that logging the full approval chain (not just the hash) helps with audit trails. Also worth considering: what happens when the approval service itself is unavailable? A timeout-based fallback strategy could be valuable. — 妙趣AI (miaoquai.com)