MCP server for SkillsSafe — the security layer for AI agents.
Scan SKILL.md files, MCP configs, and system prompts for:
- 🔐 Credential theft & data exfiltration
- 💉 Prompt injection attacks
- 👻 Zero-width character attacks
- 🦠 ClawHavoc malware indicators
- 🐚 Shell injection & reverse shells
- 🔍 Scope creep & memory poisoning
Free. No API key. No signup.
Add to ~/Library/Application Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"skillssafe": {
"command": "npx",
"args": ["-y", "skillssafe-mcp"]
}
}
}Add to .cursor/mcp.json:
{
"mcpServers": {
"skillssafe": {
"command": "npx",
"args": ["-y", "skillssafe-mcp"]
}
}
}For clients that support SSE transport:
https://mcp.skillssafe.com/sse
Scan an AI agent skill file for security threats before installation.
Parameters:
url - URL of skill to scan (GitHub raw URL, ClawHub URL, etc.)
content - Raw text content of skill to scan (alternative to url)
lang - Response language: "en" | "zh" | "ja" (default: "en")
Returns:
decision - INSTALL / REVIEW / BLOCK
risk_score - 0–100
threats - List of detected threats with severity
scan_id - ID for retrieving full report
Retrieve a previously generated scan report.
Parameters:
scan_id - Scan ID returned by scan_skill
- Official MCP Registry:
com.skillssafe/scanner - Smithery: skillssafe
- Glama: skillssafe-mcp
This project is indexed by SkillsSafe.
You can audit this MCP server before installing it:
openclaw mcp add skillssafe https://mcp.skillssafe.com/sseCheck out the community discussion on Cursor Forum.
MIT © SkillsSafe