npm - @skilljack/mcp - Versions diffs - 0.5.1 → 0.7.0 - Mend

@skilljack/mcp 0.5.1 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md +12 -309
package/package.json +13 -4
package/skills/skilljack-docs/SKILL.md +431 -0

package/README.md CHANGED Viewed

@@ -2,29 +2,6 @@
 An MCP server that jacks [Agent Skills](https://agentskills.io) directly into your LLM's brain.
-> **Recommended:** For best results, use an MCP client that supports `tools/listChanged` notifications (e.g., Claude Code). This enables dynamic skill discovery - when skills are added or modified, the client automatically refreshes its understanding of available skills.
-## Features
-- **Dynamic Skill Discovery** - Watches skill directories and automatically refreshes when skills change
-- **Tool List Changed Notifications** - Sends `tools/listChanged` so clients can refresh available skills
-- **Skill Tool** - Load full skill content on demand (progressive disclosure)
-- **MCP Prompts** - Load skills via `/skill` prompt with auto-completion or per-skill prompts
-- **MCP Resources** - Access skills via `skill://` URIs with batch collection support
-- **Resource Subscriptions** - Real-time file watching with `notifications/resources/updated`
-## Motivation
-This repo demonstrates a way to approach integrating skills using existing MCP primitives.
-MCP already has the building blocks:
-- **Tools** for on-demand skill loading (the `skill` tool with dynamically updated descriptions)
-- **Resources** for explicit skill access (`skill://` URIs)
-- **Notifications** for real-time updates (`tools/listChanged`, `resources/updated`)
-- **Prompts** for explicitly invoking skills by name (`/my-server-skill`)
-This approach provides separation of concerns.  Rather than every MCP server needing to embed skill handling, the server acts as a dedicated 'skill gateway'. Server authors can bundle skills alongside their MCP servers without modifying the servers themselves. If MCP registries support robust tool discovery, skill tools become discoverable like any other tool.
 ## Installation
 ```bash
@@ -48,309 +25,35 @@ npm run build
 ## Usage
-Configure one or more skills directories containing your Agent Skills:
 ```bash
 # Single directory
 skilljack-mcp /path/to/skills
-# Multiple directories (separate args or comma-separated)
+# Multiple directories
 skilljack-mcp /path/to/skills /path/to/more/skills
-skilljack-mcp /path/to/skills,/path/to/more/skills
-# Using environment variable (comma-separated for multiple)
+# Using environment variable
 SKILLS_DIR=/path/to/skills skilljack-mcp
-SKILLS_DIR=/path/to/skills,/path/to/more/skills skilljack-mcp
-```
-Each directory is scanned along with its `.claude/skills/` and `skills/` subdirectories for skills. Duplicate skill names are handled by keeping the first occurrence.
-**Windows note**: Use forward slashes in paths when using with MCP Inspector:
-```bash
-skilljack-mcp "C:/Users/you/skills"
+# Static mode (no file watching)
+skilljack-mcp --static /path/to/skills
 ```
-## How It Works
-The server implements the [Agent Skills](https://agentskills.io) progressive disclosure pattern with dynamic updates:
-1. **At startup**: Discovers skills from configured directories and starts file watchers
-2. **On connection**: Skill tool description includes available skills metadata
-3. **On file change**: Re-discovers skills, updates tool description, sends `tools/listChanged`
-4. **On tool call**: Agent calls `skill` tool to load full SKILL.md content
-5. **As needed**: Agent calls `skill-resource` to load additional files
-```
-┌─────────────────────────────────────────────────────────┐
-│ Server starts                                            │
-│   • Discovers skills from configured directories         │
-│   • Starts watching for SKILL.md changes                 │
-│   ↓                                                      │
-│ MCP Client connects                                      │
-│   • Skill tool description includes available skills     │
-│   • Prompts registered for each skill                    │
-│   ↓                                                      │
-│ LLM sees skill metadata in tool description              │
-│   ↓                                                      │
-│ SKILL.md added/modified/removed                          │
-│   • Server re-discovers skills                           │
-│   • Updates skill tool description                       │
-│   • Updates prompt list (add/remove/modify)              │
-│   • Sends tools/listChanged notification                 │
-│   • Sends prompts/listChanged notification               │
-│   • Client refreshes tool and prompt definitions         │
-│   ↓                                                      │
-│ User invokes /skill prompt or /skill-name prompt         │
-│   OR LLM calls "skill" tool with skill name              │
-│   ↓                                                      │
-│ Server returns full SKILL.md content                     │
-│   ↓                                                      │
-│ LLM calls "skill-resource" for additional files          │
-│   • Scripts, snippets, references, assets, etc.          │
-└─────────────────────────────────────────────────────────┘
-```
-## Tools vs Resources vs Prompts
-This server exposes skills via **tools**, **resources**, and **prompts**:
-- **Tools** (`skill`, `skill-resource`) - For your agent to use autonomously. The LLM sees available skills in the tool description and calls them as needed.
-- **Prompts** (`/skill`, `/skill-name`) - For explicit user invocation. Use `/skill` with auto-completion or select a skill directly by name.
-- **Resources** (`skill://` URIs) - For manual selection in apps that support it (e.g., Claude Desktop's resource picker). Useful when you want to explicitly attach a skill to the conversation.
-Most users will rely on tools for automatic skill activation. Prompts provide user-initiated loading with auto-completion. Resources provide an alternative for manual control.
-## Progressive Disclosure Design
-This server implements the [Agent Skills progressive disclosure pattern](https://agentskills.io/specification#progressive-disclosure), which structures skills for efficient context usage:
-| Level | Tokens | What's loaded | When |
-|-------|--------|---------------|------|
-| **Metadata** | ~100 | `name` and `description` | At startup, for all skills |
-| **Instructions** | < 5000 | Full SKILL.md body | When skill is activated |
-| **Resources** | As needed | Files in `scripts/`, `references/`, `assets/` | On demand via `skill-resource` |
-### How it works
-1. **Discovery** - Server loads metadata from all skills into the `skill` tool description
-2. **Activation** - When a skill is loaded (via tool, prompt, or resource), only the SKILL.md content is returned
-3. **Execution** - SKILL.md references additional files; agent fetches them with `skill-resource` as needed
-### Why SKILL.md documents its own resources
-The server doesn't automatically list all files in a skill directory. Instead, skill authors document available resources directly in their SKILL.md (e.g., "Copy the template from `templates/server.ts`"). This design choice follows the spec because:
-- **Skill authors know best** - They decide which files are relevant and when to use them
-- **Context efficiency** - Loading everything upfront wastes tokens on files the agent may not need
-- **Natural flow** - SKILL.md guides the agent through resources in a logical order
-**For skill authors:** Reference files using relative paths from the skill root (e.g., `snippets/tool.ts`, `references/api.md`). Keep your main SKILL.md under 500 lines; move detailed reference material to separate files. See the [Agent Skills specification](https://agentskills.io/specification) for complete authoring guidelines.
-## Tools
-### `skill`
-Load and activate an Agent Skill by name. Returns the full SKILL.md content.
-**Input:**
-```json
-{
-  "name": "skill-name"
-}
-```
-**Output:** Full SKILL.md content including frontmatter and instructions.
-### `skill-resource`
-Read files within a skill's directory (`scripts/`, `references/`, `assets/`, `snippets/`, etc.).
-This follows the Agent Skills spec's progressive disclosure pattern - resources are loaded only when needed.
-**Read a single file:**
-```json
-{
-  "skill": "mcp-server-ts",
-  "path": "snippets/tools/echo.ts"
-}
-```
-**Read all files in a directory:**
-```json
-{
-  "skill": "algorithmic-art",
-  "path": "templates"
-}
-```
-Returns all files in the directory as multiple content items.
-**List available files** (pass empty path):
-```json
-{
-  "skill": "mcp-server-ts",
-  "path": ""
-}
-```
-**Security:** Path traversal is prevented - only files within the skill directory can be accessed.
-## Prompts
-Skills can be loaded via MCP [Prompts](https://modelcontextprotocol.io/specification/2025-11-05/server/prompts) for explicit user invocation.
-### `/skill` Prompt
-Load a skill by name with auto-completion support.
-**Arguments:**
-- `name` (string, required) - Skill name with auto-completion
-The prompt description includes all available skills for discoverability. As you type the skill name, matching skills are suggested.
-### Per-Skill Prompts
-Each discovered skill is also registered as its own prompt (e.g., `/mcp-server-ts`, `/algorithmic-art`).
+## Configuration UI
-- No arguments needed - just select and invoke
-- Description shows the skill's own description
-- List updates dynamically as skills change
+![Skills Configuration UI](docs/images/skills-config-ui.png)
-**Example:** If you have a skill named `mcp-server-ts`, you can invoke it directly as `/mcp-server-ts`.
+## Skill Display UI
-### Content Annotations
+![Skill Display UI](docs/images/skill-display-ui.png)
-Prompt responses include MCP [content annotations](https://modelcontextprotocol.io/specification/2025-11-25/server/prompts#embedded-resources) for proper handling:
+## Documentation
-- `audience: ["assistant"]` - Content is intended for the LLM, not the user
-- `priority: 1.0` - High priority content that should be included in context
+For complete documentation, just ask your assistant:
-Prompts return embedded resources with the skill's `skill://` URI, allowing clients to track the content source.
-## Resources
-Skills are also accessible via MCP [Resources](https://modelcontextprotocol.io/specification/2025-11-25/server/resources#resources) using `skill://` URIs.
-### URI Patterns
-| URI | Returns |
-|-----|---------|
-| `skill://{name}` | Single skill's SKILL.md content |
-| `skill://{name}/` | All files in skill directory (collection) |
-Individual file URIs (`skill://{name}/{path}`) are not listed as resources to reduce noise. Use the `skill-resource` tool to fetch specific files on demand.
-### Resource Subscriptions
-Clients can subscribe to resources for real-time updates when files change.
-**Capability:** `resources: { subscribe: true, listChanged: true }`
-**Subscribe to a resource:**
-```
-→ resources/subscribe { uri: "skill://mcp-server-ts" }
-← {} (success)
-```
-**Receive notifications when files change:**
-```
-← notifications/resources/updated { uri: "skill://mcp-server-ts" }
-```
-**Unsubscribe:**
-```
-→ resources/unsubscribe { uri: "skill://mcp-server-ts" }
-← {} (success)
-```
-**How it works:**
-1. Client subscribes to a `skill://` URI
-2. Server resolves URI to file path(s) and starts watching with chokidar
-3. When files change, server debounces (100ms) and sends notification
-4. Client can re-read the resource to get updated content
-## Security
-**Skills are treated as trusted content.** This server reads and serves skill files directly to clients without sanitization. Only configure skills directories containing content you trust.
-Protections in place:
-- Path traversal prevention (symlink-aware)
-- File size limits (1MB default, configurable via `MAX_FILE_SIZE_MB` env var)
-- Directory depth limits
-- Skill content is confined to configured directories
-Not protected against:
-- Malicious content within trusted skill directories
-- Prompt injection via skill instructions (skills can influence LLM behavior by design)
-## Dynamic Skill Discovery
-The server watches skill directories for changes. When SKILL.md files are added, modified, or removed:
-1. Skills are re-discovered from all configured directories
-2. The `skill` tool's description is updated with current skill names and metadata
-3. Per-skill prompts are added, removed, or updated accordingly
-4. `tools/listChanged` and `prompts/listChanged` notifications are sent to connected clients
-5. Clients that support these notifications will refresh tool and prompt definitions
-## Skill Metadata Format
-The `skill` tool description includes metadata for all available skills in XML format:
-```markdown
-# Skills
-When a user's task matches a skill description below: 1) activate it, 2) follow its instructions completely.
-<available_skills>
-<skill>
-<name>mcp-server-ts</name>
-<description>Build TypeScript MCP servers with composable code snippets...</description>
-<location>C:/path/to/mcp-server-ts/SKILL.md</location>
-</skill>
-</available_skills>
-```
-This metadata is dynamically updated when skills change - clients supporting `tools/listChanged` will automatically refresh.
-## Skill Discovery
-Skills are discovered at startup from the configured directories. For each directory, the server checks:
-- The directory itself for skill subdirectories
-- `.claude/skills/` subdirectory
-- `skills/` subdirectory
-Each skill subdirectory must contain a `SKILL.md` file with YAML frontmatter including `name` and `description` fields.
-## Testing
-### Manual Testing with MCP Inspector
-```bash
-npm run build
-npm run inspector -- /path/to/skills
-```
-### Automated Evals (Development Only)
-The `evals/` directory contains an evaluation framework for testing skill activation across different delivery modes. Evals are only available when developing from source (not included in the npm package).
-```bash
-# Clone the repo first
-git clone https://github.com/olaservo/skilljack-mcp.git
-cd skilljack-mcp
-# Install dev dependencies (includes claude-agent-sdk for evals)
-npm install
-# Build and run evals
-npm run build
-npm run eval                              # Default: greeting task, MCP mode
-npm run eval -- --task=xlsx-openpyxl      # Specific task
-npm run eval -- --mode=native             # Native skill mode
-npm run eval -- --mode=mcp+native         # Both MCP and native enabled
-```
+> "how do I use skilljack?" or "how does skilljack work behind the scenes?"
-See [evals/README.md](evals/README.md) for details on available tasks, modes, and findings about activation behavior differences.
+This loads the [full reference](https://github.com/olaservo/skilljack-mcp/blob/main/skills/skilljack-docs/SKILL.md) including tools, prompts, resources, configuration options, and architecture details.
 ## Related

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@skilljack/mcp",
-  "version": "0.5.1",
+  "version": "0.7.0",
   "description": "MCP server that discovers and serves Agent Skills. I know kung fu.",
   "type": "module",
   "main": "dist/index.js",
@@ -13,6 +13,8 @@
   "types": "dist/index.d.ts",
   "files": [
     "dist",
+    "dist/ui",
+    "skills",
     "README.md",
     "LICENSE"
   ],
@@ -35,7 +37,9 @@
     "node": ">=18.0.0"
   },
   "scripts": {
-    "build": "tsc",
+    "build": "npm run build:ui && npm run build:ui:display && tsc",
+    "build:ui": "vite build",
+    "build:ui:display": "cross-env INPUT=skill-display.html vite build --emptyOutDir false",
     "start": "node dist/index.js",
     "dev": "tsx watch src/index.ts",
     "inspector": "npx @modelcontextprotocol/inspector@latest node dist/index.js",
@@ -49,15 +53,20 @@
     "eval:xlsx-verify": "tsx evals/eval.ts --task=xlsx-verify"
   },
   "dependencies": {
-    "@modelcontextprotocol/sdk": "^1.25.1",
+    "@modelcontextprotocol/ext-apps": "^1.0.0",
+    "@modelcontextprotocol/sdk": "^1.25.3",
     "chokidar": "^5.0.0",
+    "simple-git": "^3.27.0",
     "yaml": "^2.7.0",
     "zod": "^3.25.0"
   },
   "devDependencies": {
     "@anthropic-ai/claude-agent-sdk": "^0.1.42",
     "@types/node": "^22.10.0",
+    "cross-env": "^7.0.3",
     "tsx": "^4.19.2",
-    "typescript": "^5.7.2"
+    "typescript": "^5.7.2",
+    "vite": "^6.0.0",
+    "vite-plugin-singlefile": "^2.0.0"
   }
 }

package/skills/skilljack-docs/SKILL.md ADDED Viewed

@@ -0,0 +1,431 @@
+---
+name: skilljack-docs
+description: Complete documentation for the Skilljack MCP server - tools, prompts, resources, configuration, and architecture reference.
+---
+# Skilljack MCP Documentation
+An MCP server that jacks [Agent Skills](https://agentskills.io) directly into your LLM's brain.
+> **Recommended:** For best results, use an MCP client that supports `tools/listChanged` notifications (e.g., Claude Code). This enables dynamic skill discovery - when skills are added or modified, the client automatically refreshes its understanding of available skills. Alternatively, use `--static` mode for predictable behavior with a fixed skill set.
+## Features
+- **Dynamic Skill Discovery** - Watches skill directories and automatically refreshes when skills change
+- **Tool List Changed Notifications** - Sends `tools/listChanged` so clients can refresh available skills
+- **Skill Tool** - Load full skill content on demand (progressive disclosure)
+- **MCP Prompts** - Load skills via `/skill` prompt with auto-completion or per-skill prompts
+- **MCP Resources** - Access skills via `skill://` URIs with batch collection support
+- **Resource Subscriptions** - Real-time file watching with `notifications/resources/updated`
+- **Configuration UI** - Manage skill directories through an interactive UI in supported clients
+## Motivation
+This server demonstrates a way to approach integrating skills using existing MCP primitives.
+MCP already has the building blocks:
+- **Tools** for on-demand skill loading (the `skill` tool with dynamically updated descriptions)
+- **Resources** for explicit skill access (`skill://` URIs)
+- **Notifications** for real-time updates (`tools/listChanged`, `resources/updated`)
+- **Prompts** for explicitly invoking skills by name (`/my-server-skill`)
+This approach provides separation of concerns. Rather than every MCP server needing to embed skill handling, the server acts as a dedicated 'skill gateway'. Server authors can bundle skills alongside their MCP servers without modifying the servers themselves. If MCP registries support robust tool discovery, skill tools become discoverable like any other tool.
+## Usage
+Configure one or more skills directories containing your Agent Skills:
+```bash
+# Single directory
+skilljack-mcp /path/to/skills
+# Multiple directories (separate args or comma-separated)
+skilljack-mcp /path/to/skills /path/to/more/skills
+skilljack-mcp /path/to/skills,/path/to/more/skills
+# Using environment variable (comma-separated for multiple)
+SKILLS_DIR=/path/to/skills skilljack-mcp
+SKILLS_DIR=/path/to/skills,/path/to/more/skills skilljack-mcp
+```
+Each directory is scanned along with its `.claude/skills/` and `skills/` subdirectories for skills. Duplicate skill names are handled by keeping the first occurrence.
+### Static Mode
+By default, Skilljack MCP watches skill directories for changes and notifies clients when skills are added, modified, or removed.
+Enable **static mode** to freeze the skills list at startup:
+```bash
+skilljack-mcp --static /path/to/skills
+# or
+SKILLJACK_STATIC=true skilljack-mcp /path/to/skills
+```
+In static mode:
+- Skills are discovered once at startup and never refreshed
+- No file watchers are set up for skill directories
+- `tools.listChanged` and `prompts.listChanged` capabilities are `false`
+- Resource subscriptions remain fully dynamic (individual skill files can still be watched)
+Use static mode when you need predictable behavior or have a fixed set of skills that won't change during the session.
+**Windows note**: Use forward slashes in paths when using with MCP Inspector:
+```bash
+skilljack-mcp "C:/Users/you/skills"
+```
+## Configuration UI
+In MCP clients that support [MCP Apps](https://blog.modelcontextprotocol.io/posts/2026-01-26-mcp-apps/) (like Claude Desktop), you can manage skill directories through an interactive UI.
+**To open the configuration UI**, ask your assistant to show the skilljack config:
+> "show me the skilljack config"
+The UI displays:
+- Current skill directories with skill counts
+- Status indicators showing which directories are from config vs command-line
+- Options to add new directories or remove existing ones
+Changes made through the UI are persisted to the server's configuration. Clients that support `tools/listChanged` notifications will see updates immediately; others may require reconnection.
+## Skill Display UI
+View all available skills and customize their invocation settings through the skill display UI.
+**To open the skill display UI**, ask your assistant:
+> "what skills are configured in skilljack?"
+The UI displays:
+- All discovered skills with name, description, and file path
+- **Source indicators** showing whether each skill is from a local directory or GitHub repository
+- **Invocation toggles** to enable/disable Assistant (model auto-invoke) and User (prompts menu) visibility
+- **Customized badge** when settings differ from frontmatter defaults
+Skills from GitHub repositories show the org/repo name (e.g., `modelcontextprotocol/ext-apps`), making it easy to identify where each skill originates.
+## How It Works
+The server implements the [Agent Skills](https://agentskills.io) progressive disclosure pattern with dynamic updates:
+1. **At startup**: Discovers skills from configured directories and starts file watchers
+2. **On connection**: Skill tool description includes available skills metadata
+3. **On file change**: Re-discovers skills, updates tool description, sends `tools/listChanged`
+4. **On tool call**: Agent calls `skill` tool to load full SKILL.md content
+5. **As needed**: Agent calls `skill-resource` to load additional files
+```
+┌─────────────────────────────────────────────────────────┐
+│ Server starts                                            │
+│   • Discovers skills from configured directories         │
+│   • Starts watching for SKILL.md changes                 │
+│   ↓                                                      │
+│ MCP Client connects                                      │
+│   • Skill tool description includes available skills     │
+│   • Prompts registered for each skill                    │
+│   ↓                                                      │
+│ LLM sees skill metadata in tool description              │
+│   ↓                                                      │
+│ SKILL.md added/modified/removed                          │
+│   • Server re-discovers skills                           │
+│   • Updates skill tool description                       │
+│   • Updates prompt list (add/remove/modify)              │
+│   • Sends tools/listChanged notification                 │
+│   • Sends prompts/listChanged notification               │
+│   • Client refreshes tool and prompt definitions         │
+│   ↓                                                      │
+│ User invokes /skill prompt or /skill-name prompt         │
+│   OR LLM calls "skill" tool with skill name              │
+│   ↓                                                      │
+│ Server returns full SKILL.md content                     │
+│   ↓                                                      │
+│ LLM calls "skill-resource" for additional files          │
+│   • Scripts, snippets, references, assets, etc.          │
+└─────────────────────────────────────────────────────────┘
+```
+## Tools vs Resources vs Prompts
+This server exposes skills via **tools**, **resources**, and **prompts**:
+- **Tools** (`skill`, `skill-resource`) - For your agent to use autonomously. The LLM sees available skills in the tool description and calls them as needed.
+- **Prompts** (`/skill`, `/skill-name`) - For explicit user invocation. Use `/skill` with auto-completion or select a skill directly by name.
+- **Resources** (`skill://` URIs) - For manual selection in apps that support it (e.g., Claude Desktop's resource picker). Useful when you want to explicitly attach a skill to the conversation.
+Most users will rely on tools for automatic skill activation. Prompts provide user-initiated loading with auto-completion. Resources provide an alternative for manual control.
+## Progressive Disclosure Design
+This server implements the [Agent Skills progressive disclosure pattern](https://agentskills.io/specification#progressive-disclosure), which structures skills for efficient context usage:
+| Level | Tokens | What's loaded | When |
+|-------|--------|---------------|------|
+| **Metadata** | ~100 | `name` and `description` | At startup, for all skills |
+| **Instructions** | < 5000 | Full SKILL.md body | When skill is activated |
+| **Resources** | As needed | Files in `scripts/`, `references/`, `assets/` | On demand via `skill-resource` |
+### How it works
+1. **Discovery** - Server loads metadata from all skills into the `skill` tool description
+2. **Activation** - When a skill is loaded (via tool, prompt, or resource), only the SKILL.md content is returned
+3. **Execution** - SKILL.md references additional files; agent fetches them with `skill-resource` as needed
+### Why SKILL.md documents its own resources
+The server doesn't automatically list all files in a skill directory. Instead, skill authors document available resources directly in their SKILL.md (e.g., "Copy the template from `templates/server.ts`"). This design choice follows the spec because:
+- **Skill authors know best** - They decide which files are relevant and when to use them
+- **Context efficiency** - Loading everything upfront wastes tokens on files the agent may not need
+- **Natural flow** - SKILL.md guides the agent through resources in a logical order
+**For skill authors:** Reference files using relative paths from the skill root (e.g., `snippets/tool.ts`, `references/api.md`). Keep your main SKILL.md under 500 lines; move detailed reference material to separate files. See the [Agent Skills specification](https://agentskills.io/specification) for complete authoring guidelines.
+## Tools
+### `skill`
+Load and activate an Agent Skill by name. Returns the full SKILL.md content.
+**Input:**
+```json
+{
+  "name": "skill-name"
+}
+```
+**Output:** Full SKILL.md content including frontmatter and instructions.
+### `skill-resource`
+Read files within a skill's directory (`scripts/`, `references/`, `assets/`, `snippets/`, etc.).
+This follows the Agent Skills spec's progressive disclosure pattern - resources are loaded only when needed.
+**Read a single file:**
+```json
+{
+  "skill": "mcp-server-ts",
+  "path": "snippets/tools/echo.ts"
+}
+```
+**Read all files in a directory:**
+```json
+{
+  "skill": "algorithmic-art",
+  "path": "templates"
+}
+```
+Returns all files in the directory as multiple content items.
+**List available files** (pass empty path):
+```json
+{
+  "skill": "mcp-server-ts",
+  "path": ""
+}
+```
+**Security:** Path traversal is prevented - only files within the skill directory can be accessed.
+## Prompts
+Skills can be loaded via MCP [Prompts](https://modelcontextprotocol.io/specification/2025-11-05/server/prompts) for explicit user invocation.
+### `/skill` Prompt
+Load a skill by name with auto-completion support.
+**Arguments:**
+- `name` (string, required) - Skill name with auto-completion
+The prompt description includes all available skills for discoverability. As you type the skill name, matching skills are suggested.
+### Per-Skill Prompts
+Each discovered skill is also registered as its own prompt (e.g., `/mcp-server-ts`, `/algorithmic-art`).
+- No arguments needed - just select and invoke
+- Description shows the skill's own description
+- List updates dynamically as skills change
+**Example:** If you have a skill named `mcp-server-ts`, you can invoke it directly as `/mcp-server-ts`.
+### Content Annotations
+Prompt responses include MCP [content annotations](https://modelcontextprotocol.io/specification/2025-11-25/server/prompts#embedded-resources) for proper handling:
+- `audience: ["assistant"]` - Content is intended for the LLM, not the user
+- `priority: 1.0` - High priority content that should be included in context
+Prompts return embedded resources with the skill's `skill://` URI, allowing clients to track the content source.
+## Resources
+Skills are also accessible via MCP [Resources](https://modelcontextprotocol.io/specification/2025-11-25/server/resources#resources) using `skill://` URIs.
+### URI Patterns
+| URI | Returns |
+|-----|---------|
+| `skill://{name}` | Single skill's SKILL.md content |
+| `skill://{name}/` | All files in skill directory (collection) |
+Individual file URIs (`skill://{name}/{path}`) are not listed as resources to reduce noise. Use the `skill-resource` tool to fetch specific files on demand.
+### Resource Subscriptions
+Clients can subscribe to resources for real-time updates when files change.
+**Capability:** `resources: { subscribe: true, listChanged: true }`
+**Subscribe to a resource:**
+```
+→ resources/subscribe { uri: "skill://mcp-server-ts" }
+← {} (success)
+```
+**Receive notifications when files change:**
+```
+← notifications/resources/updated { uri: "skill://mcp-server-ts" }
+```
+**Unsubscribe:**
+```
+→ resources/unsubscribe { uri: "skill://mcp-server-ts" }
+← {} (success)
+```
+**How it works:**
+1. Client subscribes to a `skill://` URI
+2. Server resolves URI to file path(s) and starts watching with chokidar
+3. When files change, server debounces (100ms) and sends notification
+4. Client can re-read the resource to get updated content
+## Security
+**Skills are treated as trusted content.** This server reads and serves skill files directly to clients without sanitization. Only configure skills directories containing content you trust.
+Protections in place:
+- Path traversal prevention (symlink-aware)
+- File size limits (1MB default, configurable via `MAX_FILE_SIZE_MB` env var)
+- Directory depth limits
+- Skill content is confined to configured directories
+Not protected against:
+- Malicious content within trusted skill directories
+- Prompt injection via skill instructions (skills can influence LLM behavior by design)
+## Dynamic Skill Discovery
+The server watches skill directories for changes. When SKILL.md files are added, modified, or removed:
+1. Skills are re-discovered from all configured directories
+2. The `skill` tool's description is updated with current skill names and metadata
+3. Per-skill prompts are added, removed, or updated accordingly
+4. `tools/listChanged` and `prompts/listChanged` notifications are sent to connected clients
+5. Clients that support these notifications will refresh tool and prompt definitions
+## Skill Metadata Format
+The `skill` tool description includes metadata for all available skills in XML format:
+```markdown
+# Skills
+When a user's task matches a skill description below: 1) activate it, 2) follow its instructions completely.
+<available_skills>
+<skill>
+<name>mcp-server-ts</name>
+<description>Build TypeScript MCP servers with composable code snippets...</description>
+<location>C:/path/to/mcp-server-ts/SKILL.md</location>
+</skill>
+</available_skills>
+```
+This metadata is dynamically updated when skills change - clients supporting `tools/listChanged` will automatically refresh.
+## Skill Discovery
+Skills are discovered at startup from the configured directories. For each directory, the server checks:
+- The directory itself for skill subdirectories
+- `.claude/skills/` subdirectory
+- `skills/` subdirectory
+Each skill subdirectory must contain a `SKILL.md` file with YAML frontmatter including `name` and `description` fields.
+## Skill Visibility Control
+Control which skills appear in tools vs prompts using optional frontmatter fields:
+| Frontmatter | In Tool Description | In Prompts Menu | Use Case |
+|-------------|---------------------|-----------------|----------|
+| (default) | Yes | Yes | Normal skills |
+| `disable-model-invocation: true` | No | Yes | User-triggered workflows (deploy, commit) |
+| `user-invocable: false` | Yes | No | Background context (model auto-loads when relevant) |
+### Example: User-Only Skill
+Hide from model auto-discovery, require explicit user invocation via `/skill-name` prompt:
+```yaml
+---
+name: deploy
+description: Deploy to production
+disable-model-invocation: true
+---
+```
+### Example: Model-Only Skill
+Hide from prompts menu, model uses automatically when relevant:
+```yaml
+---
+name: codebase-context
+description: Background information about this codebase
+user-invocable: false
+---
+```
+Note: Resources (`skill://` URIs) always include all skills regardless of these settings, allowing explicit access when needed.
+## Testing
+### Manual Testing with MCP Inspector
+```bash
+npm run build
+npm run inspector -- /path/to/skills
+```
+### Automated Evals (Development Only)
+The `evals/` directory contains an evaluation framework for testing skill activation across different delivery modes. Evals are only available when developing from source (not included in the npm package).
+```bash
+# Clone the repo first
+git clone https://github.com/olaservo/skilljack-mcp.git
+cd skilljack-mcp
+# Install dev dependencies (includes claude-agent-sdk for evals)
+npm install
+# Build and run evals
+npm run build
+npm run eval                              # Default: greeting task, MCP mode
+npm run eval -- --task=xlsx-openpyxl      # Specific task
+npm run eval -- --mode=native             # Native skill mode
+npm run eval -- --mode=mcp+native         # Both MCP and native enabled
+```
+See [evals/README.md](https://github.com/olaservo/skilljack-mcp/blob/main/evals/README.md) for details on available tasks, modes, and findings about activation behavior differences.
+## Related
+- [Agent Skills Specification](https://agentskills.io)
+- [MCP TypeScript SDK](https://github.com/modelcontextprotocol/typescript-sdk)
+- [Example MCP Clients](https://modelcontextprotocol.io/clients)