mcp-dynamic-orchestrator


Overview

Use this skill to:
  • Discover which MCP servers are available and what they are for.
  • Inspect a specific MCP's capabilities without loading all tool schemas.
  • Execute TypeScript/JavaScript that calls MCP tools via generated `mcp-clients/*` modules.

If no MCP servers are configured, `list_mcp_capabilities` will respond with an empty list and a message pointing to `skills/mcp-dynamic-orchestrator/mcp.registry.json` so the user can add MCP entries.

This skill reads from `mcp.registry.json`, so adding an MCP entry there (for example the Cloudflare MCP) automatically makes it discoverable without changing tool wiring.

Cloudflare MCP example

The Cloudflare MCP server can be configured in `mcp.registry.json` like this:

```json
{
  "id": "cloudflare",
  "title": "Cloudflare platform MCP",
  "summary": "Interact with Cloudflare's MCP endpoint for documentation, examples, and platform operations exposed via the official Cloudflare MCP server.",
  "mcp": {
    "transport": "stdio",
    "command": "npx",
    "args": [
      "mcp-remote",
      "https://docs.mcp.cloudflare.com/sse"
    ]
  },
  "domains": ["cloudflare", "workers", "kv", "r2", "queues", "zero_trust", "networking", "security", "observability"],
  "tags": ["cloudflare", "platform", "infra", "docs", "workers", "mcp"],
  "examples": [
    "Fetch Cloudflare Workers documentation for a specific API.",
    "Search Cloudflare platform docs for queues or KV usage patterns.",
    "Look up configuration guidance for Zero Trust or networking features."
  ],
  "sensitivity": "low",
  "visibility": "default",
  "priority": 10,
  "autoDiscoverTools": true
}
```

With this entry present:
  • `list_mcp_capabilities` will return `cloudflare` when queries mention Cloudflare, Workers, KV, R2, Queues, etc.
  • `describe_mcp` with `id: "cloudflare"` will surface concise tool summaries from the Cloudflare MCP server.
  • `execute_mcp_code` lets the agent write TypeScript such as:
```ts
import * as cloudflare from "mcp-clients/cloudflare";

async function main() {
  // search_docs is one of the functions generated from the Cloudflare MCP tool definitions
  const docs = await cloudflare.search_docs({ query: "Workers KV" });
  console.log(docs.summary);
}

// Invoke the entry point; the original snippet defined main() but never called it
main().catch((err) => {
  console.error(err);
  process.exit(1);
});
```
The actual available functions under `mcp-clients/cloudflare` are generated dynamically from the MCP tool definitions; the agent should always:
  1. Discover via `list_mcp_capabilities`.
  2. Inspect via `describe_mcp` to see available operations.
  3. Use those operations via `execute_mcp_code`.
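As an added example (not the skill's own code) of the discovery step described above, here is a small matcher modelling how `list_mcp_capabilities` could select registry entries for a query. The first entry is the Cloudflare one from this page; the second entry, the tokenizer and the scoring rules are assumptions of this example.

```javascript
// Added example, not the skill's own code: models how list_mcp_capabilities
// could select registry entries for a query. The first entry is the Cloudflare
// one from the page; the second entry and the scoring are assumptions.
const registry = [
  {
    id: "cloudflare",
    domains: ["cloudflare", "workers", "kv", "r2", "queues", "zero_trust",
              "networking", "security", "observability"],
    tags: ["cloudflare", "platform", "infra", "docs", "workers", "mcp"],
    sensitivity: "low",
    visibility: "default",
    priority: 10,
  },
  {
    // Constructed entry so visibility/sensitivity filtering and priority ordering have work to do.
    id: "internal-admin",
    domains: ["security", "networking"],
    tags: ["admin"],
    sensitivity: "high",
    visibility: "hidden",
    priority: 5,
  },
];

// Lowercase word tokens plus underscore-joined bigrams, so that "zero trust"
// in a query matches the registry's "zero_trust" domain.
function queryTerms(query) {
  const words = query.toLowerCase().split(/[^a-z0-9_]+/).filter(Boolean);
  const bigrams = words.slice(1).map((w, i) => `${words[i]}_${w}`);
  return [...words, ...bigrams];
}

// Return matching MCP ids, most keyword hits first, then highest priority.
// Hidden entries are skipped unless includeHidden is set, and entries whose
// sensitivity exceeds maxSensitivity are dropped before matching.
function listMcpCapabilities(query, opts = {}) {
  const { includeHidden = false, maxSensitivity = "low" } = opts;
  const rank = { low: 0, medium: 1, high: 2 };
  const terms = queryTerms(query);
  return registry
    .filter((e) => includeHidden || e.visibility !== "hidden")
    .filter((e) => rank[e.sensitivity] <= rank[maxSensitivity])
    .map((e) => {
      const keywords = new Set([...e.domains, ...e.tags]);
      return { id: e.id, hits: terms.filter((t) => keywords.has(t)).length, priority: e.priority };
    })
    .filter((m) => m.hits > 0)
    .sort((a, b) => b.hits - a.hits || b.priority - a.priority)
    .map((m) => m.id);
}
```

A query such as "How do I use Workers KV on Cloudflare?" yields `["cloudflare"]`, while the hidden, high-sensitivity entry only appears when the caller opts in to both.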

How to use

  1. Call `list_mcp_capabilities` with a natural language query or filters to see which MCPs exist.
  2. For a chosen MCP (e.g. `cloudflare`), call `describe_mcp` to understand its operations.
  3. Write TypeScript/JavaScript that imports from `mcp-clients/<id>` and calls the exported functions.
  4. Run your code with `execute_mcp_code`, optionally restricting `allowedMcpIds` for safety.
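The execute step above with its `allowedMcpIds` restriction, as an added example rather than the skill's own implementation. The `$call(mcpId, tool, args)` signature, the fake transport and the way the `MCP_ORCH_ENABLE_SANDBOX=1` check (the flag the Known Limitations section names) is wired into the runner are assumptions of this example.

```javascript
// Added example, not the skill's own code: a guarded runner in the shape of
// execute_mcp_code. It refuses to run unless MCP_ORCH_ENABLE_SANDBOX=1 is set
// and gives generated code a $call(mcpId, tool, args) that fails closed for
// any MCP outside allowedMcpIds. The $call shape and transport are assumed.

// Constructed stand-in for real stdio/HTTP MCP transports: records calls.
function makeFakeTransport() {
  const sent = [];
  const call = async (mcpId, tool, args) => { sent.push({ mcpId, tool, args }); return { ok: true, tool }; };
  return { sent, call };
}

// True only when the operator has explicitly opted in to code execution.
function sandboxEnabled(env) {
  return env.MCP_ORCH_ENABLE_SANDBOX === "1";
}

// Allow-list check; a missing or empty list allows nothing.
function isAllowed(allowedMcpIds, mcpId) {
  return Array.isArray(allowedMcpIds) && allowedMcpIds.includes(mcpId);
}

// Build the $call handed to generated code; every call is checked before it
// reaches the transport, so a disallowed id never produces any traffic.
function makeGuardedCall(transport, allowedMcpIds) {
  return async function $call(mcpId, tool, args = {}) {
    if (!isAllowed(allowedMcpIds, mcpId)) {
      throw new Error(`MCP "${mcpId}" is not in allowedMcpIds`);
    }
    return transport.call(mcpId, tool, args);
  };
}

// Run generated code; returns { ok, value | error, calls } and never throws.
async function executeMcpCode(fn, opts) {
  const { allowedMcpIds, env = process.env, transport = makeFakeTransport() } = opts;
  if (!sandboxEnabled(env)) {
    return { ok: false, error: "execution disabled: set MCP_ORCH_ENABLE_SANDBOX=1", calls: [] };
  }
  try {
    const value = await fn(makeGuardedCall(transport, allowedMcpIds));
    return { ok: true, value, calls: transport.sent };
  } catch (err) {
    return { ok: false, error: err.message, calls: transport.sent };
  }
}
```

Generated code that calls `$call("cloudflare", "search_docs", { query: "Workers KV" })` succeeds with `allowedMcpIds: ["cloudflare"]`, while a call to any other id is rejected before it reaches a transport.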

Rules

  • Do not assume individual MCP tools are top-level tools.
  • Always: discover → describe → generate code → `execute_mcp_code`.
  • Request `detail: "schema"` in `describe_mcp` only when exact parameter shapes are required.

Known Limitations

Sandbox Security (CRITICAL)

⚠️ The current sandbox implementation is NOT secure for untrusted code.
  • Uses `vm.createContext()`, which is NOT a security boundary.
  • Can be escaped via prototype pollution, `require()` manipulation, etc.
  • Only enable for Claude-generated code (trusted source).
  • Requires the `MCP_ORCH_ENABLE_SANDBOX=1` environment variable.
  • See `references/security-model.md` for complete security details.

Other Limitations

  • No TypeScript compilation: user code in `.ts` format will fail.
  • No module resolution: imports from `mcp-clients/*` don't resolve; use the `$call()` API instead.
  • Static registry: adding/removing MCPs requires a restart.
  • Limited error handling: generic errors for MCP connection failures.

For detailed troubleshooting, see `references/troubleshooting.md`.

Production Status

What's Working ✅:
  • Discovery via `list_mcp_capabilities` (fully functional)
  • Inspection via `describe_mcp` (fully functional)
  • Registry management (16 MCPs configured)
  • MCP clients (stdio + HTTP transports)
  • Safety controls (visibility, sensitivity, policies)

What's Limited 🟡:
  • Code execution (requires env flag, sandbox not secure)
  • Testing (basic smoke tests only)

What's Planned 🔮:
  • Secure sandbox with Worker threads (v1.1)
  • TypeScript compilation support (v1.1)
  • Module resolution (v1.1)
  • Dynamic registry updates (v1.2)

For the complete roadmap, see `plan.md` in the repository root.