skillz
by intellectronica
Overview
Acts as an MCP server to expose Claude-style skills and their resources as callable tools for AI agents.
Installation
docker run -i --rm -v /path/to/skills:/skillz intellectronica/skillz /skillzSecurity Notes
The server uses `yaml.safe_load` for parsing skill metadata, mitigating direct YAML injection risks. It explicitly implements path traversal prevention in resource URIs (e.g., checks for '..') to restrict access. The core functionality is to discover and expose skill definitions and resources; the execution of any bundled helper scripts or code is deferred to the consuming AI client. The README explicitly warns users to treat skills as untrusted code and run in sandboxes/containers, indicating that while the server implements some hardening, the overall system design involves a critical security boundary at the client's execution of skill content.
Similar Servers
claude-code-mcp
Acts as an MCP server to enable LLMs to run Claude Code CLI in one-shot mode, bypassing permissions for complex coding, file system, Git, and terminal operations.
agentx
A unified CLI tool for managing MCP (Model Context Protocol) servers and skills across multiple AI coding agents like Claude Code, Codex, Cursor, Gemini CLI, and OpenCode.
skrills
A versatile tool to manage, validate, analyze, and synchronize AI skills and agent configurations for Claude Code and Codex CLI, running as an MCP server.
codex-mcp-skills
Manages, validates, analyzes, and synchronizes AI skills and configurations for Claude Code and Codex CLI, also serving them to MCP clients and running subagents.