Submit
BeBraveBeKind

@mcpskillsio/server

Community BeBraveBeKind
Updated

Pre-install trust layer for MCP servers, AI skills & npm packages — the @mcpskillsio/server MCP server (io.mcpskills/server).

@mcpskillsio/server

Use the MCPSkills pre-install trust layer from inside Claude Code, Cursor, or any MCP client.

13 standard signals (15 in Skills Mode) across 4 dimensions with safety scanning for prompt injection, credential theft, and supply chain attacks. Check install risk before an MCP server or AI skill reaches your agent.

npm versionMCP RegistryLicense: MIT

Add to CursorInstall in VS Code

Install

Claude Code

claude mcp add mcpskills -- npx @mcpskillsio/server

Cursor

Add to your .cursor/mcp.json:

{
  "mcpServers": {
    "mcpskills": {
      "command": "npx",
      "args": ["@mcpskillsio/server"]
    }
  }
}

Claude Desktop

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "mcpskills": {
      "command": "npx",
      "args": ["@mcpskillsio/server"]
    }
  }
}

Tools

check_trust_score

Score any GitHub repo, npm package, or registry URL. Returns trust tier, composite score, and 4 dimension scores.

"Score anthropics/anthropic-sdk-typescript"

scan_safety

Focused safety scan for AI skills. Checks for prompt injection, shell execution, network exfiltration, credential theft, and obfuscated payloads.

"Is this MCP server safe? modelcontextprotocol/servers"

list_packages

Browse curated, pre-scored skill packages organized by use case.

"Show me safe AI skill packages for full-stack development"

get_badge

Generate an SVG trust badge URL for your README.

"Get a trust badge for my repo anthropics/anthropic-sdk-typescript"

watch_repo

Start monitoring a repo for trust score changes (requires API key).

"Watch modelcontextprotocol/servers for score changes"

check_watched

Re-scan all watched repos for score or tier changes (requires API key).

"Check my watched repos"

batch_check

Score up to 5 repos in a single call (Developer Pro or Team).

"Batch check these repos: anthropics/anthropic-sdk-typescript, langchain-ai/langchainjs"

auto_gate

Get a boolean go/no-go decision with reasoning.

"Should I install this MCP server? 21st-dev/magic-mcp"

build_stack

Recommend a vetted, pre-scored stack from MCP Skills' curated packages.

"Build me a stack: auth + payments + email"

Full Reports

Free tier returns trust tier + dimension scores (same as mcpskills.io free scans, 10/day).

For full reports (13 standard / 15 Skills Mode signals + safety findings) inside your IDE, set your API key:

export MCPSKILLS_API_KEY=your_key_here

Get your API key at mcpskills.io/api. Developer Pro is $19/mo or $149/yr. Team is $99/mo for org/security workflows.

How It Works

The server calls the mcpskills.io trust scoring API, which:

  1. Fetches repo data from GitHub API and OpenSSF Scorecard
  2. Scores 13 standard signals across 4 dimensions (Alive, Legit, Solid, Usable)
  3. Detects AI skills/MCP servers and activates Skills Mode (+2 bonus signals — 15 total)
  4. Runs 5 safety scans based on ClawHavoc and ToxicSkills attack patterns
  5. Assigns a trust tier: Verified (>=7.0), Established (>=4.5), New, or Blocked

License

MIT — Built by Michael Browne at Rise Above Partners.

MCP Server · Populars

MCP Server · New