skillz
by intellectronica
Overview
Acts as an MCP server to expose Claude-style skills and their resources as callable tools for AI agents.
Installation
docker run -i --rm -v /path/to/skills:/skillz intellectronica/skillz /skillz
Security Notes
The server uses `yaml.safe_load` for parsing skill metadata, mitigating direct YAML injection risks. It explicitly implements path traversal prevention in resource URIs (e.g., checks for '..') to restrict access. The core functionality is to discover and expose skill definitions and resources; execution of any bundled helper scripts or code is deferred to the consuming AI client. The README explicitly warns users to treat skills as untrusted code and to run them in sandboxes or containers. So although the server implements some hardening, the critical security boundary in the overall design is the client's execution of skill content.
Similar Servers
claude-code-mcp
Provides an MCP server to allow LLMs to directly invoke Claude Code CLI for complex coding, file system, and Git operations, bypassing interactive permission prompts.
mcp-servers
An MCP server for fetching, cleaning, and intelligently extracting content from web pages, designed for agent-building frameworks.
skrills
Provides a Model Context Protocol (MCP) server and CLI for efficient discovery, filtering, and injection of local SKILL.md files into AI agent prompts.
codex-mcp-skills
Serves local SKILL.md files to AI agents via an MCP server, enabling prompt-filtered context injection and skill management.