ai-skills-hub
by LidoxLee
Overview
Provides AI assistants with access to a team's coding standards, best practices, and knowledge base by dynamically loading Markdown skill files via an MCP server.
Installation
npm start
Environment Variables
- OPENAI_API_KEY
- GEMINI_API_KEY
- ANTHROPIC_API_KEY
Security Notes
The `executeSkillScript` function, exposed as an MCP tool, uses `child_process.spawn` with `shell: true`. While it attempts to sanitize `script_path` to prevent directory traversal and ensures the script is within the designated skill directory, the `shell: true` option introduces a critical security risk. If a skill containing a malicious script (or arguments with shell metacharacters) is added from an untrusted URL (via `skillshub add`) and an AI agent is prompted to execute it, arbitrary shell commands could be injected and executed with the permissions of the user running the `ai-skills-hub` server. This could lead to remote code execution. Additionally, the `skillshub add <url>` command allows downloading skills from arbitrary URLs, making it a potential vector for supply chain attacks by introducing untrusted code into the local skills directory.
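The hardened counterpart to the `shell: true` call described above, as an added example that is not the project's own code. The names `resolveScript` and `runSkillScript`, the assumption that skill scripts are Node scripts, and the reduced child environment are all hypothetical choices made for illustration.

```javascript
const { spawnSync } = require('node:child_process');
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Resolve script_path inside the skill directory; realpath also catches
// symlinks that point outside it. (Function names here are hypothetical.)
function resolveScript(skillDir, scriptPath) {
  const root = fs.realpathSync(skillDir);
  const target = fs.realpathSync(path.resolve(root, scriptPath));
  if (!target.startsWith(root + path.sep)) {
    throw new Error('script_path escapes the skill directory');
  }
  return target;
}

// Weak form (per the security note): arguments reach a shell, which parses them.
//   spawn(command, args, { shell: true })
// Hardened form: no shell, argv passed as an array, so metacharacters stay literal.
function runSkillScript(skillDir, scriptPath, args) {
  if (!Array.isArray(args) || !args.every((a) => typeof a === 'string')) {
    throw new TypeError('args must be an array of strings');
  }
  const script = resolveScript(skillDir, scriptPath);
  const res = spawnSync(process.execPath, [script, ...args], {
    shell: false,
    cwd: path.dirname(script),
    env: { PATH: process.env.PATH }, // keep the server's API keys out of the child
    timeout: 5000,
    encoding: 'utf8',
  });
  if (res.error) throw res.error;
  return { status: res.status, stdout: res.stdout };
}

// Constructed sample: a skill whose script echoes its argv as JSON, plus a
// file outside the skill directory to exercise the containment check.
function demo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'skills-'));
  const skill = path.join(base, 'skill');
  fs.mkdirSync(skill);
  const echo = 'process.stdout.write(JSON.stringify(process.argv.slice(2)))';
  fs.writeFileSync(path.join(skill, 'echo.js'), echo);
  fs.writeFileSync(path.join(base, 'outside.js'), echo);
  const out = runSkillScript(skill, 'echo.js', ['a; echo INJECTED', '$(id)']);
  let rejected = false;
  try { runSkillScript(skill, '../outside.js', []); } catch (e) { rejected = true; }
  return { argv: JSON.parse(out.stdout), rejected };
}
```

Removing the shell only stops argument injection; a script fetched with `skillshub add <url>` still runs with the server user's permissions, so the source of each skill needs review before it is added.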
Similar Servers
scraps
The Scraps MCP server provides an interface for AI assistants to interact with a knowledge base of interconnected Markdown documentation, enabling features like content search, tag listing, and link/backlink lookup.
tenets
Provides intelligent, token-optimized code context and automatically injects guiding principles to AI coding assistants for enhanced understanding and consistent interactions.
athena-protocol
An intelligent MCP server that acts as an AI tech lead for coding agents, providing expert validation, impact analysis, and strategic guidance before code changes are made.
doc-bot
An intelligent MCP (Model Context Protocol) server that enhances AI coding assistants by providing smart documentation management and API references for deep project understanding.