@mcpskillsio/server 2.4.0 → 2.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/README.md +12 -4
  2. package/index.js +4 -4
  3. package/package.json +1 -1
package/README.md CHANGED
@@ -2,7 +2,7 @@
2
2
 
3
3
  Trust-score any AI skill or MCP server from inside Claude Code, Cursor, or any MCP client.
4
4
 
5
- 14 signals across 4 dimensions with safety scanning for prompt injection, credential theft, and supply chain attacks.
5
+ 13 standard signals (15 in Skills Mode) across 4 dimensions with safety scanning for prompt injection, credential theft, and supply chain attacks.
6
6
 
7
7
  ## Install
8
8
 
@@ -100,11 +100,19 @@ Get a boolean go/no-go decision with reasoning.
100
100
  "Should I install this MCP server? 21st-dev/magic-mcp"
101
101
  ```
102
102
 
103
+ ### `build_stack`
104
+
105
+ Recommend a vetted, pre-scored stack from MCP Skills' curated packages.
106
+
107
+ ```
108
+ "Build me a stack: auth + payments + email"
109
+ ```
110
+
103
111
  ## Full Reports
104
112
 
105
113
  Free tier returns trust tier + dimension scores (same as mcpskills.io free scans).
106
114
 
107
- For full 14-signal reports with detailed safety findings inside your IDE, set your API key:
115
+ For full reports (13 standard / 15 Skills Mode signals + safety findings) inside your IDE, set your API key:
108
116
 
109
117
  ```bash
110
118
  export MCPSKILLS_API_KEY=your_key_here
@@ -117,8 +125,8 @@ Get your API key at [mcpskills.io/api](https://mcpskills.io/api).
117
125
  The server calls the mcpskills.io trust scoring API, which:
118
126
 
119
127
  1. Fetches repo data from GitHub API and OpenSSF Scorecard
120
- 2. Scores 14 signals across 4 dimensions (Alive, Legit, Solid, Usable)
121
- 3. Detects AI skills/MCP servers and activates Skills Mode (+2 bonus signals)
128
+ 2. Scores 13 standard signals across 4 dimensions (Alive, Legit, Solid, Usable)
129
+ 3. Detects AI skills/MCP servers and activates Skills Mode (+2 bonus signals — 15 total)
122
130
  4. Runs 5 safety scans based on ClawHavoc and ToxicSkills attack patterns
123
131
  5. Assigns a trust tier: Verified (>=7.0), Established (>=4.5), New, or Blocked
124
132
 
package/index.js CHANGED
@@ -225,7 +225,7 @@ function formatAgentResponse(data) {
225
225
  lines.push('🏅 Certified Safe by MCP Skills');
226
226
  }
227
227
 
228
- lines.push('', 'Set MCPSKILLS_API_KEY for full 14-signal breakdown.');
228
+ lines.push('', 'Set MCPSKILLS_API_KEY for the full signal breakdown (13 standard / 15 Skills Mode).');
229
229
 
230
230
  return lines.join('\n');
231
231
  }
@@ -396,7 +396,7 @@ function formatSafetyResult(data) {
396
396
  const server = new Server(
397
397
  {
398
398
  name: "mcpskills",
399
- version: "2.4.0",
399
+ version: "2.4.2",
400
400
  },
401
401
  {
402
402
  capabilities: {
@@ -428,7 +428,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
428
428
  {
429
429
  name: "scan_safety",
430
430
  description:
431
- "Run a focused safety scan on an AI skill or MCP server. Checks for prompt injection, shell execution, network exfiltration, credential theft, and obfuscated payloads. Accepts any input format (owner/repo, npm package, Smithery URL, etc.).",
431
+ "Run a focused safety scan on an AI skill or MCP server. Checks for prompt injection, shell execution, network exfiltration, credential theft, obfuscated payloads, public network binding (0.0.0.0), and risky npm lifecycle scripts (preinstall/install/postinstall). Accepts any input format (owner/repo, npm package, Smithery URL, etc.).",
432
432
  inputSchema: {
433
433
  type: "object",
434
434
  properties: {
@@ -1071,7 +1071,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
1071
1071
  lines.push(`Full signal breakdown available for each tool via check_trust_score.`);
1072
1072
  } else {
1073
1073
  lines.push(`---`);
1074
- lines.push(`Set MCPSKILLS_API_KEY for full 14-signal reports on each tool.`);
1074
+ lines.push(`Set MCPSKILLS_API_KEY for full reports on each tool (13 standard / 15 Skills Mode).`);
1075
1075
  lines.push(`Get a key at https://mcpskills.io`);
1076
1076
  }
1077
1077
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@mcpskillsio/server",
3
- "version": "2.4.0",
3
+ "version": "2.4.2",
4
4
  "description": "Trust-score any AI skill or MCP server from inside Claude Code, Cursor, or any MCP client. Accepts GitHub repos, npm packages, Smithery URLs, and OpenClaw skills. 15 signals (incl. OSV/KEV/EPSS vulnerability intelligence), safety scanning, OpenClaw frontmatter parsing + transparency scoring, recommendations, badges, monitoring, batch checking, auto-gate decisions, and stack building from live trust data.",
5
5
  "type": "module",
6
6
  "main": "index.js",