skillsmith
Verified Safeby smith-horn
Overview
Skillsmith provides comprehensive tools for discovering, recommending, installing, and managing Claude Code skills, enhancing AI agent workflows.
Installation
npx -y @skillsmith/mcp-serverEnvironment Variables
- SUPABASE_URL
- SUPABASE_ANON_KEY
- SUPABASE_SERVICE_ROLE_KEY
- GITHUB_TOKEN
- GITHUB_APP_ID
- GITHUB_APP_INSTALLATION_ID
- GITHUB_APP_PRIVATE_KEY
- CORS_ALLOWED_ORIGINS
- UPSTASH_REDIS_REST_URL
- UPSTASH_REDIS_REST_TOKEN
- RATE_LIMIT_FAIL_CLOSED
- SKILLSMITH_USE_MOCK_EMBEDDINGS
- LINEAR_API_KEY
- SKILLSMITH_LICENSE_KEY
- WEBHOOK_PORT
- WEBHOOK_HOST
- GITHUB_WEBHOOK_SECRET
Security Notes
The project demonstrates a high degree of security consciousness, employing robust input sanitization, SQL-like pattern escaping, and utilizing RPC functions to prevent injection vulnerabilities. Critical operations like installing external skills are mitigated by integrating a dedicated `SecurityScanner` for content analysis. Secrets management is handled via `varlock` and environment variables. The architecture leverages Deno for Edge Functions, enhancing runtime isolation. While external code installation inherently carries risk, the explicit security measures and continuous auditing efforts make this server notably safer than many. Potential risks from the custom YAML parser are minimized by its simplicity, focusing only on key-value extraction.
Similar Servers
claude-code-subagents-collection
The repository serves as a comprehensive marketplace and registry for Claude Code, offering a wide array of specialized AI agents, commands, hooks, and a catalog of external Model Context Protocol (MCP) servers to enhance development workflows.
claude-code-mcp
Acts as an MCP server to enable LLMs to run Claude Code CLI in one-shot mode, bypassing permissions for complex coding, file system, Git, and terminal operations.
skillz
Acts as an MCP server to expose Claude-style skills and their resources as callable tools for AI agents.
consult-llm-mcp
An MCP server that allows AI agents like Claude Code to consult stronger, more capable AI models (e.g., GPT-5.2, Gemini 3.0 Pro) for complex code analysis, debugging, and architectural advice.