npm - @mcpskillsio/server - Versions diffs - 2.4.1 → 2.5.0 - Mend

@mcpskillsio/server 2.4.1 → 2.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -1,8 +1,8 @@
 # @mcpskillsio/server
-Trust-score any AI skill or MCP server from inside Claude Code, Cursor, or any MCP client.
+Use the MCPSkills pre-install trust layer from inside Claude Code, Cursor, or any MCP client.
-13 standard signals (15 in Skills Mode) across 4 dimensions with safety scanning for prompt injection, credential theft, and supply chain attacks.
+13 standard signals (15 in Skills Mode) across 4 dimensions with safety scanning for prompt injection, credential theft, and supply chain attacks. Check install risk before an MCP server or AI skill reaches your agent.
 ## Install
@@ -46,7 +46,7 @@ Add to `claude_desktop_config.json`:
 ### `check_trust_score`
-Score any GitHub repo. Returns trust tier, composite score, and 4 dimension scores.
+Score any GitHub repo, npm package, or registry URL. Returns trust tier, composite score, and 4 dimension scores.
 ```
 "Score anthropics/anthropic-sdk-typescript"
@@ -84,9 +84,17 @@ Start monitoring a repo for trust score changes (requires API key).
 "Watch modelcontextprotocol/servers for score changes"
 ```
+### `check_watched`
+Re-scan all watched repos for score or tier changes (requires API key).
+```
+"Check my watched repos"
+```
 ### `batch_check`
-Score up to 5 repos in a single call (Pro tier).
+Score up to 5 repos in a single call (Developer Pro or Team).
 ```
 "Batch check these repos: anthropics/anthropic-sdk-typescript, langchain-ai/langchainjs"
@@ -110,7 +118,7 @@ Recommend a vetted, pre-scored stack from MCP Skills' curated packages.
 ## Full Reports
-Free tier returns trust tier + dimension scores (same as mcpskills.io free scans).
+Free tier returns trust tier + dimension scores (same as mcpskills.io free scans, 10/day).
 For full reports (13 standard / 15 Skills Mode signals + safety findings) inside your IDE, set your API key:
@@ -118,7 +126,7 @@ For full reports (13 standard / 15 Skills Mode signals + safety findings) inside
 export MCPSKILLS_API_KEY=your_key_here
 ```
-Get your API key at [mcpskills.io/api](https://mcpskills.io/api).
+Get your API key at [mcpskills.io/api](https://mcpskills.io/api). Developer Pro is $19/mo or $149/yr. Team is $99/mo for org/security workflows.
 ## How It Works

package/index.js CHANGED Viewed

@@ -13,7 +13,7 @@
  *   - get_badge: Get trust badge URL for READMEs
  *   - watch_repo: Monitor a repo for score changes
  *   - check_watched: Re-scan all watched repos
- *   - batch_check: Check up to 5 repos in one call (Pro)
+ *   - batch_check: Check up to 5 repos in one call (Developer Pro or Team)
  *   - auto_gate: "Should I install this?" → boolean + reason
  *   - build_stack: "What tools do I need?" → vetted stack from live trust data
  *
@@ -222,10 +222,10 @@ function formatAgentResponse(data) {
   }
   if (data.certified) {
-    lines.push('🏅 Certified Safe by MCP Skills');
+    lines.push('🏅 MCP Skills Verified');
   }
-  lines.push('', 'Set MCPSKILLS_API_KEY for full 14-signal breakdown.');
+  lines.push('', 'Set MCPSKILLS_API_KEY for the full signal breakdown (13 standard / 15 Skills Mode).');
   return lines.join('\n');
 }
@@ -396,7 +396,7 @@ function formatSafetyResult(data) {
 const server = new Server(
   {
     name: "mcpskills",
-    version: "2.4.1",
+    version: "2.5.0",
   },
   {
     capabilities: {
@@ -428,7 +428,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
       {
         name: "scan_safety",
         description:
-          "Run a focused safety scan on an AI skill or MCP server. Checks for prompt injection, shell execution, network exfiltration, credential theft, and obfuscated payloads. Accepts any input format (owner/repo, npm package, Smithery URL, etc.).",
+          "Run a focused safety scan on an AI skill or MCP server. Checks for prompt injection, shell execution, network exfiltration, credential theft, obfuscated payloads, public network binding (0.0.0.0), and risky npm lifecycle scripts (preinstall/install/postinstall). Accepts any input format (owner/repo, npm package, Smithery URL, etc.).",
         inputSchema: {
           type: "object",
           properties: {
@@ -508,7 +508,7 @@ server.setRequestHandler(ListToolsRequestSchema, async () => {
       {
         name: "batch_check",
         description:
-          "Check up to 5 repos or packages in one call. Returns a trust assessment for each. Requires a Pro API key. Accepts any mix of formats (owner/repo, npm packages, registry URLs).",
+          "Check up to 5 repos or packages in one call. Returns a trust assessment for each. Requires a Developer Pro or Team API key. Accepts any mix of formats (owner/repo, npm packages, registry URLs).",
         inputSchema: {
           type: "object",
           properties: {
@@ -800,7 +800,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
         if (!apiKey) {
           return {
-            content: [{ type: "text", text: "batch_check requires a Pro API key. Set MCPSKILLS_API_KEY env var.\nGet one at https://mcpskills.io" }],
+            content: [{ type: "text", text: "batch_check requires a Developer Pro or Team API key. Set MCPSKILLS_API_KEY env var.\nGet one at https://mcpskills.io/api" }],
             isError: true,
           };
         }
@@ -861,7 +861,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
           // Agent compact response
           proceed = data.safe || data.certified;
           if (data.certified) {
-            reason = `Certified Safe — verified by MCP Skills (${data.score}/10)`;
+            reason = `MCP Skills Verified (${data.score}/10)`;
           } else if (data.safe) {
             reason = `${data.tier} (${data.score}/10). ${data.reasoning || 'No disqualifiers.'}`;
           } else {
@@ -1071,7 +1071,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
           lines.push(`Full signal breakdown available for each tool via check_trust_score.`);
         } else {
           lines.push(`---`);
-          lines.push(`Set MCPSKILLS_API_KEY for full 14-signal reports on each tool.`);
+          lines.push(`Set MCPSKILLS_API_KEY for full reports on each tool (13 standard / 15 Skills Mode).`);
           lines.push(`Get a key at https://mcpskills.io`);
         }

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@mcpskillsio/server",
-  "version": "2.4.1",
-  "description": "Trust-score any AI skill or MCP server from inside Claude Code, Cursor, or any MCP client. Accepts GitHub repos, npm packages, Smithery URLs, and OpenClaw skills. 15 signals (incl. OSV/KEV/EPSS vulnerability intelligence), safety scanning, OpenClaw frontmatter parsing + transparency scoring, recommendations, badges, monitoring, batch checking, auto-gate decisions, and stack building from live trust data.",
+  "version": "2.5.0",
+  "description": "Use the MCPSkills pre-install trust layer from Claude Code, Cursor, or any MCP client. Accepts GitHub repos, npm packages, Smithery URLs, and OpenClaw skills. 15 signals (incl. OSV/KEV/EPSS vulnerability intelligence), safety scanning, OpenClaw frontmatter parsing + transparency scoring, recommendations, badges, monitoring, batch checking, auto-gate decisions, and stack building from live trust data.",
   "type": "module",
   "main": "index.js",
   "bin": {
@@ -9,7 +9,7 @@
   },
   "scripts": {
     "start": "node index.js",
-    "test": "node --test test/"
+    "test": "node --test test/*.test.js"
   },
   "keywords": [
     "mcp",