agent-skill-loader
Verified Safe
by back1ply
Overview
Acts as a Model Context Protocol (MCP) server to dynamically load and manage AI agent skills from the local file system.
Installation
agent-skill-loader
Environment Variables
- MCP_WORKSPACE_ROOT
- MCP_SKILL_PATHS
Security Notes
The server validates paths in the `install_skill` function to prevent directory traversal attacks, ensuring target paths remain within the designated workspace. It uses standard Node.js file system operations with robust error handling, which prevents crashes caused by inaccessible or malformed skill files. It does not use `eval`, obfuscation, or direct arbitrary command execution via `child_process`. Network interaction is limited to the MCP standard I/O transport, and the server does not open arbitrary ports. Custom `.env` loading is implemented safely to avoid corrupting stdout during MCP initialization.
Similar Servers
codex-mcp-skills
Manages, validates, analyzes, and synchronizes AI skills and configurations for Claude Code and Codex CLI, also serving them to MCP clients and running subagents.
skrills
A versatile tool to manage, validate, analyze, and synchronize AI skills and agent configurations for Claude Code and Codex CLI, running as an MCP server.
mcp-server-nodejs-api-docs
Provides up-to-date Node.js API documentation and release schedule information as a service via the Model Context Protocol.
filesystem-mcp
Provides secure, efficient, and token-optimized filesystem operations for AI agents via the Model Context Protocol.