@mcpskillsio/server 2.4.0 → 2.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +12 -4
  2. package/index.js +1 -1
  3. package/package.json +1 -1
package/README.md CHANGED
@@ -2,7 +2,7 @@
2
2
 
3
3
  Trust-score any AI skill or MCP server from inside Claude Code, Cursor, or any MCP client.
4
4
 
5
- 14 signals across 4 dimensions with safety scanning for prompt injection, credential theft, and supply chain attacks.
5
+ 13 standard signals (15 in Skills Mode) across 4 dimensions with safety scanning for prompt injection, credential theft, and supply chain attacks.
6
6
 
7
7
  ## Install
8
8
 
@@ -100,11 +100,19 @@ Get a boolean go/no-go decision with reasoning.
100
100
  "Should I install this MCP server? 21st-dev/magic-mcp"
101
101
  ```
102
102
 
103
+ ### `build_stack`
104
+
105
+ Recommend a vetted, pre-scored stack from MCP Skills' curated packages.
106
+
107
+ ```
108
+ "Build me a stack: auth + payments + email"
109
+ ```
110
+
103
111
  ## Full Reports
104
112
 
105
113
  Free tier returns trust tier + dimension scores (same as mcpskills.io free scans).
106
114
 
107
- For full 14-signal reports with detailed safety findings inside your IDE, set your API key:
115
+ For full reports (13 standard / 15 Skills Mode signals + safety findings) inside your IDE, set your API key:
108
116
 
109
117
  ```bash
110
118
  export MCPSKILLS_API_KEY=your_key_here
@@ -117,8 +125,8 @@ Get your API key at [mcpskills.io/api](https://mcpskills.io/api).
117
125
  The server calls the mcpskills.io trust scoring API, which:
118
126
 
119
127
  1. Fetches repo data from GitHub API and OpenSSF Scorecard
120
- 2. Scores 14 signals across 4 dimensions (Alive, Legit, Solid, Usable)
121
- 3. Detects AI skills/MCP servers and activates Skills Mode (+2 bonus signals)
128
+ 2. Scores 13 standard signals across 4 dimensions (Alive, Legit, Solid, Usable)
129
+ 3. Detects AI skills/MCP servers and activates Skills Mode (+2 bonus signals — 15 total)
122
130
  4. Runs 5 safety scans based on ClawHavoc and ToxicSkills attack patterns
123
131
  5. Assigns a trust tier: Verified (>=7.0), Established (>=4.5), New, or Blocked
124
132
 
package/index.js CHANGED
@@ -396,7 +396,7 @@ function formatSafetyResult(data) {
396
396
  const server = new Server(
397
397
  {
398
398
  name: "mcpskills",
399
- version: "2.4.0",
399
+ version: "2.4.1",
400
400
  },
401
401
  {
402
402
  capabilities: {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@mcpskillsio/server",
3
- "version": "2.4.0",
3
+ "version": "2.4.1",
4
4
  "description": "Trust-score any AI skill or MCP server from inside Claude Code, Cursor, or any MCP client. Accepts GitHub repos, npm packages, Smithery URLs, and OpenClaw skills. 15 signals (incl. OSV/KEV/EPSS vulnerability intelligence), safety scanning, OpenClaw frontmatter parsing + transparency scoring, recommendations, badges, monitoring, batch checking, auto-gate decisions, and stack building from live trust data.",
5
5
  "type": "module",
6
6
  "main": "index.js",