Server

authSTDIOregistry active

Summary

Wraps the MCPSkills trust scoring API so you can vet MCP servers and npm packages before installing them directly from Claude or Cursor. Exposes tools like check_trust_score for 13 signal assessments across four dimensions (Alive, Legit, Solid, Usable), scan_safety for detecting prompt injection and credential theft patterns, and auto_gate for go/no-go decisions with reasoning. Free tier gets you trust tiers and dimension scores with a 10/day limit. Developer Pro unlocks full reports with all 15 signals in Skills Mode plus safety findings. Useful when you're browsing the MCP registry or evaluating third-party AI skills and want a second opinion backed by OpenSSF Scorecard data and attack pattern detection before you add something to your config.

CodeRabbit

AI writes the code. CodeRabbit catches the slop.

Try For Free →

Make your agent a DeFi expert

Agent, run crypto. Access onchain data & trade routes via 1inch.

Install now →

AppSignal

Monitor with ease. Code with confidence.

Start Free Trial →

Make money from your Skills

On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.

Start earning →

Put your SEO on autopilot

An agent that runs the SEO playbooks that move rankings and ships PRs you control.

Get founding access →

Vibe Prospecting MCP

Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.

Try For Free →

CodeRabbit

AI writes the code. CodeRabbit catches the slop.

Try For Free →

Make your agent a DeFi expert

Agent, run crypto. Access onchain data & trade routes via 1inch.

Install now →

AppSignal

Monitor with ease. Code with confidence.

Start Free Trial →

Make money from your Skills

On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.

Start earning →

Put your SEO on autopilot

An agent that runs the SEO playbooks that move rankings and ships PRs you control.

Get founding access →

Vibe Prospecting MCP

Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.

Try For Free →

Featured

CodeRabbit

AI writes the code. CodeRabbit catches the slop.

Try For Free →

Make your agent a DeFi expert

Agent, run crypto. Access onchain data & trade routes via 1inch.

Install now →

AppSignal

Monitor with ease. Code with confidence.

Start Free Trial →

Make money from your Skills

On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.

Start earning →

Put your SEO on autopilot

An agent that runs the SEO playbooks that move rankings and ships PRs you control.

Get founding access →

Vibe Prospecting MCP

Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.

Try For Free →

Configuration

MCPSKILLS_API_KEYsecret

Optional Pro API key for higher rate limits and full reports.

Registryactive

Package@mcpskillsio/server

TransportSTDIO

AuthRequired

UpdatedJun 9, 2026

View on GitHub

MCP Skills — the pre-install trust layer for MCP servers and AI skills

@mcpskillsio/server

Use the MCPSkills pre-install trust layer from inside Claude Code, Cursor, or any MCP client.

13 standard signals (15 in Skills Mode) across 4 dimensions with safety scanning for prompt injection, credential theft, and supply chain attacks. Check install risk before an MCP server or AI skill reaches your agent.

Install

Claude Code

claude mcp add mcpskills -- npx @mcpskillsio/server

Cursor

Add to your .cursor/mcp.json:

{
  "mcpServers": {
    "mcpskills": {
      "command": "npx",
      "args": ["@mcpskillsio/server"]
    }
  }
}

Claude Desktop

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "mcpskills": {
      "command": "npx",
      "args": ["@mcpskillsio/server"]
    }
  }
}

Tools

`check_trust_score`

Score any GitHub repo, npm package, or registry URL. Returns trust tier, composite score, and 4 dimension scores.

"Score anthropics/anthropic-sdk-typescript"

`scan_safety`

Focused safety scan for AI skills. Checks for prompt injection, shell execution, network exfiltration, credential theft, and obfuscated payloads.

"Is this MCP server safe? modelcontextprotocol/servers"

`list_packages`

Browse curated, pre-scored skill packages organized by use case.

"Show me safe AI skill packages for full-stack development"

`get_badge`

Generate an SVG trust badge URL for your README.

"Get a trust badge for my repo anthropics/anthropic-sdk-typescript"

`watch_repo`

Start monitoring a repo for trust score changes (requires API key).

"Watch modelcontextprotocol/servers for score changes"

`check_watched`

Re-scan all watched repos for score or tier changes (requires API key).

"Check my watched repos"

`batch_check`

Score up to 5 repos in a single call (Developer Pro or Team).

"Batch check these repos: anthropics/anthropic-sdk-typescript, langchain-ai/langchainjs"

`auto_gate`

Get a boolean go/no-go decision with reasoning.

"Should I install this MCP server? 21st-dev/magic-mcp"

`build_stack`

Recommend a vetted, pre-scored stack from MCP Skills' curated packages.

"Build me a stack: auth + payments + email"

Full Reports

Free tier returns trust tier + dimension scores (same as mcpskills.io free scans, 10/day).

For full reports (13 standard / 15 Skills Mode signals + safety findings) inside your IDE, set your API key:

export MCPSKILLS_API_KEY=your_key_here

Get your API key at mcpskills.io/api. Developer Pro is $19/mo or $149/yr. Team is $99/mo for org/security workflows.

How It Works

The server calls the mcpskills.io trust scoring API, which:

Fetches repo data from GitHub API and OpenSSF Scorecard
Scores 13 standard signals across 4 dimensions (Alive, Legit, Solid, Usable)
Detects AI skills/MCP servers and activates Skills Mode (+2 bonus signals — 15 total)
Runs 5 safety scans based on ClawHavoc and ToxicSkills attack patterns
Assigns a trust tier: Verified (>=7.0), Established (>=4.5), New, or Blocked

License

MIT — Built by Michael Browne at Rise Above Partners.