loaditout-mcp-server 0.2.0 → 0.2.2

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Anand Jain
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -1,19 +1,27 @@
-# @loaditout/mcp-server
+# Loaditout MCP Server
 
-MCP server for discovering, installing, and managing AI agent skills from the Loaditout registry. It connects your agent to a curated catalog of MCP servers and SKILL.md behaviors, with search, recommendations, and usage reporting.
+[![loaditout-mcp-server MCP server](https://glama.ai/mcp/servers/loaditoutadmin/loaditout-mcp-server/badges/card.svg)](https://glama.ai/mcp/servers/loaditoutadmin/loaditout-mcp-server)
 
-## Installation
+An MCP server for discovering, security-grading, and installing AI agent skills from [Loaditout](https://loaditout.ai).
+
+Search 20,000+ MCP servers and agent skills, check security grades (A/B/C/F), and install directly from your agent.
+
+## Quick Start
+
+```bash
+npx loaditout-mcp-server
+```
 
 ### Claude Code
 
-Add to your Claude Code MCP settings (`~/.claude/settings.json`):
+Add to `.claude/settings.json`:
 
 ```json
 {
   "mcpServers": {
     "loaditout": {
       "command": "npx",
-      "args": ["-y", "@loaditout/mcp-server"]
+      "args": ["-y", "loaditout-mcp-server"]
     }
   }
 }
@@ -21,37 +29,63 @@ Add to your Claude Code MCP settings (`~/.claude/settings.json`):
 
 ### Cursor
 
-Add to your Cursor MCP config (`.cursor/mcp.json` in your project or `~/.cursor/mcp.json` globally):
+Add to `.cursor/mcp.json`:
 
 ```json
 {
   "mcpServers": {
     "loaditout": {
       "command": "npx",
-      "args": ["-y", "@loaditout/mcp-server"]
+      "args": ["-y", "loaditout-mcp-server"]
     }
   }
 }
 ```
 
-## Available Tools
+## Tools
 
 | Tool | Description |
-|---|---|
-| `search_skills` | Search the registry for skills by natural language query. Supports filtering by type and agent platform. |
-| `get_skill` | Get full details for a specific skill by its slug (owner/repo format). |
-| `install_skill` | Get the exact configuration JSON needed to install a skill for a specific agent. Returns config and instructions but does not write files. |
-| `list_categories` | List all skill categories with descriptions and skill counts. |
-| `recommend_skills` | Get skill recommendations based on a description of your project or task. |
-| `check_capability_gap` | Analyze what the agent is trying to do and suggest skills that would help. Designed for when you encounter a task you cannot complete or need specialized tools for. |
-| `report_skill_usage` | Report whether an installed skill worked correctly. Helps improve quality scores across the registry. |
+|------|-------------|
+| `search_skills` | Search 20,000+ MCP servers and agent skills by keyword |
+| `smart_search` | Personalized search with history and preferences applied |
+| `get_skill` | Get full details, security grade, and install config for a specific skill |
+| `install_skill` | Get platform-specific install configuration for any skill |
+| `install_batch` | Install multiple skills at once (up to 20) |
+| `install_pack` | Install an entire curated pack (e.g., research-agent, data-engineer) |
+| `recommend_skills` | Get skill recommendations based on your project context |
+| `check_capability_gap` | Analyze what tools you need for a specific task |
+| `list_categories` | Browse skills by category |
+| `validate_action` | Check if an action on a skill is safe before executing |
+| `report_skill_usage` | Report whether a skill worked correctly |
+| `flag_skill` | Report problematic or unsafe skills |
+| `save_memory` | Save key-value pairs to persistent agent memory |
+| `recall_memory` | Retrieve previously saved memories |
+| `request_permission` | Request human approval to install a skill |
+| `check_permission` | Check status of a permission request |
+| `list_my_proofs` | List your verified skill usage history |
+| `verify_proof` | Verify an execution proof by ID |
+| `share_loadout` | Get your public skill configuration |
+
+## Security Grading
+
+Every server is graded A/B/C/F based on 7 criteria:
+
+1. Zero prompt injection flags
+2. Zero capability flags (no shell, exec, sudo, filesystem, process.env)
+3. README content present
+4. Description present
+5. Committed within 12 months
+6. At least 5 GitHub stars
+7. No secret env vars required
+
+Only 20.5% of the 20,652 servers in our index earn an A grade.
 
-## Resources
+## Links
 
-| URI | Description |
-|---|---|
-| `loaditout://catalog` | Browse the full skill catalog organized by category with counts. |
+- **Website:** [loaditout.ai](https://loaditout.ai)
+- **CLI:** `npx loaditout add owner/repo`
+- **npm:** [loaditout-mcp-server](https://www.npmjs.com/package/loaditout-mcp-server)
 
-## Zero Dependencies
+## License
 
-This server uses only Node.js built-in modules (https, readline) for HTTP communication. No external packages are required.
+MIT

package/dist/index.js

@@ -40,7 +40,7 @@ const crypto = __importStar(require("crypto"));
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const os = __importStar(require("os"));
-const API_BASE = "https://loaditout.ai/api/agent";
+const API_BASE = "https://www.loaditout.ai/api/agent";
 const SERVER_NAME = "loaditout";
 const SERVER_VERSION = "0.1.0";
 // --- Agent key management ---
@@ -76,7 +76,7 @@ function fetchJSON(url, extraHeaders) {
         };
         https
             .get(url, { headers }, (res) => {
-            if (res.statusCode === 301 || res.statusCode === 302) {
+            if (res.statusCode === 301 || res.statusCode === 302 || res.statusCode === 307 || res.statusCode === 308) {
                 const location = res.headers.location;
                 if (location) {
                     fetchJSON(location).then(resolve, reject);
@@ -487,6 +487,45 @@ const TOOLS = [
             required: ["slug", "reason"],
         },
     },
+    {
+        name: "review_skill",
+        description: "Leave a review for a skill you have used. Helps other agents and humans decide whether to install it.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                slug: {
+                    type: "string",
+                    description: "Skill slug in owner/repo format. Example: 'supabase/mcp'",
+                },
+                rating: {
+                    type: "number",
+                    description: "Rating from 1 to 5. 5 = excellent, 1 = unusable.",
+                },
+                comment: {
+                    type: "string",
+                    description: "Optional comment about your experience. Example: 'Works great for database queries, fast and reliable'",
+                },
+            },
+            required: ["slug", "rating"],
+        },
+    },
+    {
+        name: "set_profile",
+        description: "Set your agent's public profile display name and bio. This information appears on your public profile page at loaditout.ai/agents/{key}.",
+        inputSchema: {
+            type: "object",
+            properties: {
+                display_name: {
+                    type: "string",
+                    description: "Display name for your agent profile (max 100 characters). Example: 'Full-Stack Dev Agent'",
+                },
+                bio: {
+                    type: "string",
+                    description: "Short bio for your agent profile (max 500 characters). Example: 'A Claude Code agent specializing in TypeScript and React projects.'",
+                },
+            },
+        },
+    },
     {
         name: "smart_search",
         description: "Search for skills with your history and preferences automatically applied. Returns personalized results excluding skills you already have. Use this by default instead of search_skills.",
@@ -589,12 +628,12 @@ async function handleSearchSkills(args) {
     return JSON.stringify(parsed, null, 2);
 }
 async function handleGetSkill(args) {
-    const result = await fetchJSON(`${API_BASE}/skill/${encodeURIComponent(args.slug)}`);
+    const result = await fetchJSON(`${API_BASE}/skill/${args.slug.split("/").map(encodeURIComponent).join("/")}`);
     return JSON.stringify(result, null, 2);
 }
 async function handleInstallSkill(args) {
     const params = new URLSearchParams({ agent: args.agent });
-    const result = await fetchJSON(`${API_BASE}/install/${encodeURIComponent(args.slug)}?${params.toString()}`, { "X-Agent-Key": AGENT_KEY });
+    const result = await fetchJSON(`${API_BASE}/install/${args.slug.split("/").map(encodeURIComponent).join("/")}?${params.toString()}`, { "X-Agent-Key": AGENT_KEY });
     // Fire-and-forget: save this slug to installed_skills memory
     const memories = await loadAgentMemory().catch(() => []);
     const existing = extractInstalledSlugs(memories);
@@ -664,12 +703,14 @@ async function handleReportSkillUsage(args) {
     }
     const result = (await postJSON(`${API_BASE}/report`, body));
     if (result.proof) {
+        const shareUrl = `https://loaditout.ai/proof/${result.proof.proof_id}`;
         const lines = [
             "Skill usage reported successfully.",
             "",
             "Execution Proof:",
             `  Proof ID: ${result.proof.proof_id}`,
             `  Verify: ${result.proof.verify_url}`,
+            `  Share: ${shareUrl}`,
             `  ${result.proof.shareable_text}`,
         ];
         return lines.join("\n");
@@ -694,6 +735,7 @@ async function handleListMyProofs() {
         lines.push(`${i + 1}. ${p.skill_name ?? p.skill_slug} [${p.proof_id}]`);
         lines.push(`   Skill: ${p.skill_slug}`);
         lines.push(`   Verify: ${p.verify_url}`);
+        lines.push(`   Share: https://loaditout.ai/proof/${p.proof_id}`);
         lines.push(`   Date: ${p.created_at ?? "unknown"}`);
         lines.push("");
     });
@@ -764,11 +806,32 @@ async function handleInstallBatch(args) {
 }
 async function handleShareLoadout() {
     const result = await fetchJSON(`${API_BASE}/loadout/${encodeURIComponent(AGENT_KEY)}`);
-    return JSON.stringify(result, null, 2);
+    const parsed = result;
+    parsed.profile_url = `https://loaditout.ai/agents/${AGENT_KEY}`;
+    return JSON.stringify(parsed, null, 2);
+}
+async function handleSetProfile(args) {
+    const body = {
+        agent_key: AGENT_KEY,
+    };
+    if (args.display_name !== undefined)
+        body.display_name = args.display_name;
+    if (args.bio !== undefined)
+        body.bio = args.bio;
+    const result = (await postJSON(`${API_BASE}/profile`, body));
+    if (result.error) {
+        return `Failed to update profile: ${result.error}`;
+    }
+    const lines = [
+        "Profile updated successfully.",
+        `  Trust score: ${result.trust_score}`,
+        `  Profile: https://loaditout.ai/agents/${AGENT_KEY}`,
+    ];
+    return lines.join("\n");
 }
 async function handleInstallPack(args) {
     const params = new URLSearchParams({ agent: args.agent });
-    const result = (await fetchJSON(`${API_BASE}/pack/${encodeURIComponent(args.slug)}?${params.toString()}`));
+    const result = (await fetchJSON(`${API_BASE}/pack/${args.slug.split("/").map(encodeURIComponent).join("/")}?${params.toString()}`));
     if (result.error) {
         return `Pack not found: ${result.error}`;
     }
@@ -830,13 +893,28 @@ async function handleFlagSkill(args) {
     if (args.details) {
         body.details = args.details;
     }
-    const url = `https://loaditout.ai/api/skills/${encodeURIComponent(args.slug)}/flag`;
+    const url = `https://www.loaditout.ai/api/skills/${args.slug.split("/").map(encodeURIComponent).join("/")}/flag`;
     const result = (await postJSON(url, body, { "X-Agent-Key": AGENT_KEY }));
     if (result.error) {
         return `Flag failed: ${result.error}`;
     }
     return `Skill "${args.slug}" has been flagged for "${args.reason}". Thank you for helping keep the registry safe.`;
 }
+async function handleReviewSkill(args) {
+    const body = {
+        agent_key: AGENT_KEY,
+        slug: args.slug,
+        rating: args.rating,
+    };
+    if (args.comment) {
+        body.comment = args.comment;
+    }
+    const result = (await postJSON(`${API_BASE}/review`, body));
+    if (result.error) {
+        return `Review failed: ${result.error}`;
+    }
+    return `Review submitted for "${args.slug}" (${args.rating}/5). Thank you for your feedback.`;
+}
 async function handleValidateAction(args) {
     const body = {
         slug: args.slug,
@@ -956,6 +1034,9 @@ async function handleRequest(request) {
                     case "share_loadout":
                         resultText = await handleShareLoadout();
                         break;
+                    case "set_profile":
+                        resultText = await handleSetProfile(toolArgs);
+                        break;
                     case "install_pack":
                         resultText = await handleInstallPack(toolArgs);
                         break;
@@ -965,6 +1046,9 @@ async function handleRequest(request) {
                     case "flag_skill":
                         resultText = await handleFlagSkill(toolArgs);
                         break;
+                    case "review_skill":
+                        resultText = await handleReviewSkill(toolArgs);
+                        break;
                     case "smart_search":
                         resultText = await handleSmartSearch(toolArgs);
                         break;

package/dist/src/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};