Trust scoring for MCP servers, AI skills & npm packages — 15 signals + safety scanning.
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"mcpskills": {
"args": [
"@mcpskillsio/server"
],
"command": "npx"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
Use the MCPSkills pre-install trust layer from inside Claude Code, Cursor, or any MCP client.
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
npx -y '@mcpskillsio/server' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
No known CVEs.
Checked @mcpskillsio/server against OSV.dev.
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in other
Pi Coding Agent extension (CLI-first) — routes bash/read/grep/find/ls through lean-ctx CLI for strong token savings. Optional MCP bridge can register advanced tools.
Autonomous spec-to-product coding-agent CLI with an MCP server exposing 34 tools over stdio.
97% token reduction for AI coding sessions — zero deps, 21 languages, MCP server
App framework, testing framework, and inspector for MCP Apps.
MCP Security Weekly
Get CVE alerts and security updates for io.mcpskills/server and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
Use the MCPSkills pre-install trust layer from inside Claude Code, Cursor, or any MCP client.
13 standard signals (15 in Skills Mode) across 4 dimensions with safety scanning for prompt injection, credential theft, and supply chain attacks. Check install risk before an MCP server or AI skill reaches your agent.
claude mcp add mcpskills -- npx @mcpskillsio/server
Add to your .cursor/mcp.json:
{
"mcpServers": {
"mcpskills": {
"command": "npx",
"args": ["@mcpskillsio/server"]
}
}
}
Add to claude_desktop_config.json:
{
"mcpServers": {
"mcpskills": {
"command": "npx",
"args": ["@mcpskillsio/server"]
}
}
}
check_trust_scoreScore any GitHub repo, npm package, or registry URL. Returns trust tier, composite score, and 4 dimension scores.
"Score anthropics/anthropic-sdk-typescript"
scan_safetyFocused safety scan for AI skills. Checks for prompt injection, shell execution, network exfiltration, credential theft, and obfuscated payloads.
"Is this MCP server safe? modelcontextprotocol/servers"
list_packagesBrowse curated, pre-scored skill packages organized by use case.
"Show me safe AI skill packages for full-stack development"
get_badgeGenerate an SVG trust badge URL for your README.
"Get a trust badge for my repo anthropics/anthropic-sdk-typescript"
watch_repoStart monitoring a repo for trust score changes (requires API key).
"Watch modelcontextprotocol/servers for score changes"
check_watchedRe-scan all watched repos for score or tier changes (requires API key).
"Check my watched repos"
batch_checkScore up to 5 repos in a single call (Developer Pro or Team).
"Batch check these repos: anthropics/anthropic-sdk-typescript, langchain-ai/langchainjs"
auto_gateGet a boolean go/no-go decision with reasoning.
"Should I install this MCP server? 21st-dev/magic-mcp"
build_stackRecommend a vetted, pre-scored stack from MCP Skills' curated packages.
"Build me a stack: auth + payments + email"
Free tier returns trust tier + dimension scores (same as mcpskills.io free scans, 10/day).
For full reports (13 standard / 15 Skills Mode signals + safety findings) inside your IDE, set your API key:
export MCPSKILLS_API_KEY=your_key_here
Get your API key at mcpskills.io/api. Developer Pro is $19/mo or $149/yr. Team is $99/mo for org/security workflows.
The server calls the mcpskills.io trust scoring API, which: