skills-mcp-server
Verified Safeby sfc-gh-dflippo
Overview
Manages AI agent skills by synchronizing them from local SKILL.md files and remote Git repositories into a consolidated AGENTS.md catalog.
Installation
npx tsx .claude/skills/skills-sync/scripts/sync-skills.tsSecurity Notes
The skill executes external `git` commands (`git clone`, `git pull`) using `subprocess.run` (Python) or `child_process.execSync` (TypeScript). While necessary for its function, this involves executing arbitrary commands based on URLs specified in `repos.txt`. If `repos.txt` were to be compromised or contain malicious URLs, it could lead to arbitrary code execution through Git's extensibility features (e.g., hooks). However, the skill itself does not expose obvious vulnerabilities like `eval` or hardcoded credentials in the truncated source. The primary risk lies in the trust placed on the contents of `repos.txt` and the remote repositories.
Similar Servers
github-mcp-server
The GitHub MCP Server enables AI agents, assistants, and chatbots to interact with GitHub's platform for repository management, issue/PR automation, CI/CD intelligence, code analysis, and team collaboration through natural language.
responsible-vibe-mcp
Manages conversation state and guides LLM coding agents through structured software development workflows with long-term project memory and multi-agent collaboration.
codex-mcp-skills
Manages, validates, analyzes, and synchronizes AI skills and configurations for Claude Code and Codex CLI, also serving them to MCP clients and running subagents.
llms
A centralized configuration and documentation management system for LLMs, providing tools for building skills, commands, agents, prompts, and managing MCP servers across multiple LLM providers.