skillsmith
Verified Safe
by smith-horn
Overview
Skillsmith is a skill discovery, recommendation, and learning system for Claude Code users, enabling them to find, evaluate, install, and manage AI skills for their projects. It includes tools for code analysis, subagent generation, and registry synchronization.
Installation
npx -y @skillsmith/mcp-server
Environment Variables
- SUPABASE_URL
- SUPABASE_ANON_KEY
- SUPABASE_SERVICE_ROLE_KEY
- RESEND_API_KEY
- STRIPE_SECRET_KEY
- GITHUB_TOKEN
- GITHUB_APP_ID
- GITHUB_APP_INSTALLATION_ID
- GITHUB_APP_PRIVATE_KEY
- UPSTASH_REDIS_REST_URL
- UPSTASH_REDIS_REST_TOKEN
- SKILLSMITH_LICENSE_KEY
- APP_URL
- EMAIL_FROM
- EMAIL_REPLY_TO
- DASHBOARD_URL
- DOCS_URL
- QUICKSTART_URL
- STRIPE_WEBHOOK_SECRET
- MIGRATION_BATCH_SIZE
- MIGRATION_CONCURRENCY
- MIGRATION_CHECKPOINT_INTERVAL
- SKILLSMITH_DB_PATH
- CLAUDE_FLOW_USE_V3_API
- SKILLSMITH_LLM_FAILOVER_ENABLED
- SKILLSMITH_USE_MOCK_EMBEDDINGS
- SKILLSMITH_TELEMETRY_ENABLED
- SKILLSMITH_METRICS_ENABLED
- SKILLSMITH_ANALYSIS_METRICS_ENABLED
- LOG_FORMAT
- LOG_LEVEL
- OPENAI_API_KEY
- SKILLSMITH_LOG_QUALITY_SCORE
- RATE_LIMIT_FAIL_CLOSED
- CORS_ALLOWED_ORIGINS
- WEBHOOK_PORT
- WEBHOOK_HOST
- STRIPE_WEBHOOK_PORT
- STRIPE_WEBHOOK_HOST
Security Notes
The server demonstrates a strong security posture with comprehensive input validation and sanitization (including protection against SSRF, path traversal, and SQL injection). Secrets are managed via environment variables and Varlock, with pre-push checks for hardcoded secrets. It employs robust rate limiting via Upstash Redis. Critically, it features a dedicated SkillSandbox and SecurityScanner for safe execution and analysis of potentially untrusted skill code, with explicit checks for malicious patterns and data exfiltration. Stripe webhooks are secured with signature verification. The Elastic License 2.0 is a source-available license with commercial-grade restrictions on managed services and license key circumvention.
Similar Servers
claude-code-subagents-collection
The repository serves as a comprehensive marketplace and registry for Claude Code, offering a wide array of specialized AI agents, commands, hooks, and a catalog of external Model Context Protocol (MCP) servers to enhance development workflows.
claude-code-mcp
Acts as an MCP server to enable LLMs to run Claude Code CLI in one-shot mode, bypassing permissions for complex coding, file system, Git, and terminal operations.
consult-llm-mcp
An MCP server that allows AI agents like Claude Code to consult stronger, more capable AI models (e.g., GPT-5.2, Gemini 3.0 Pro) for complex code analysis, debugging, and architectural advice.
mcpick
Manages MCP server configurations for Claude Code to optimize context usage and performance by enabling/disabling servers, creating backups, and using profiles.