codex-mcp-skills
Verified Safeby athola
Overview
Manages, validates, analyzes, and synchronizes AI skills and configurations for Claude Code and Codex CLI, also serving them to MCP clients and running subagents.
Installation
skrills serveEnvironment Variables
- SKRILLS_CLAUDE_API_KEY
- SKRILLS_CODEX_API_KEY
- GITHUB_TOKEN
Security Notes
The project demonstrates a strong focus on security, with extensive threat modeling documentation, explicit input sanitization to prevent common vulnerabilities (e.g., path traversal, command injection in CLI binary names, GitHub query injection), and the use of environment variables for API keys. It actively audits dependencies using `cargo audit` (evidenced by `audit.toml`). The core server does not execute arbitrary skill code directly; instead, it provides skills to external, trusted AI clients (Claude/Codex), delegating execution risk. HTTP transport supports authentication and TLS. No 'eval' or obvious malicious patterns were found.
Similar Servers
skillz
Acts as an MCP server to expose Claude-style skills and their resources as callable tools for AI agents.
rust-docs-mcp
Provides AI agents with deep, cached access to Rust crate documentation, source code, and project structure for enhanced development.
agentx
A unified CLI tool for managing MCP (Model Context Protocol) servers and skills across multiple AI coding agents like Claude Code, Codex, Cursor, Gemini CLI, and OpenCode.
skrills
A versatile tool to manage, validate, analyze, and synchronize AI skills and agent configurations for Claude Code and Codex CLI, running as an MCP server.