skillssafe-mcp 1.0.0 → 1.1.0

package/README.md

@@ -90,6 +90,18 @@ Parameters:
 - **Smithery**: [skillssafe](https://smithery.ai/server/skillssafe)
 - **Glama**: [skillssafe-mcp](https://glama.ai/mcp/servers/GUCCI-atlasv/skillssafe-mcp)
 
+## 🛡️ Security Audit
+
+This project is indexed by [SkillsSafe](https://skillssafe.com).
+
+You can audit this MCP server before installing it:
+
+```bash
+openclaw mcp add skillssafe https://mcp.skillssafe.com/sse
+```
+
+Check out the community discussion on [Cursor Forum](https://forum.cursor.com/t/built-with-cursor-skillssafe-a-security-firewall-for-mcp-servers-ai-skills/154530).
+
 ## License
 
 MIT © SkillsSafe

package/dist/index.d.ts

@@ -0,0 +1,13 @@
+#!/usr/bin/env node
+/**
+ * SkillsSafe MCP Server
+ * Proxies stdio ↔ remote SSE endpoint at mcp.skillssafe.com
+ *
+ * Usage:
+ *   npx skillssafe-mcp
+ *
+ * Config for Claude Desktop / Cursor / Codex:
+ *   { "command": "npx", "args": ["-y", "skillssafe-mcp"] }
+ */
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;;;;;;;GASG"}

package/dist/index.js

@@ -0,0 +1,38 @@
+#!/usr/bin/env node
+/**
+ * SkillsSafe MCP Server
+ * Proxies stdio ↔ remote SSE endpoint at mcp.skillssafe.com
+ *
+ * Usage:
+ *   npx skillssafe-mcp
+ *
+ * Config for Claude Desktop / Cursor / Codex:
+ *   { "command": "npx", "args": ["-y", "skillssafe-mcp"] }
+ */
+import { Client } from "@modelcontextprotocol/sdk/client/index.js";
+import { SSEClientTransport } from "@modelcontextprotocol/sdk/client/sse.js";
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { CallToolRequestSchema, ListToolsRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
+const SSE_URL = "https://mcp.skillssafe.com/sse";
+async function main() {
+    const remoteClient = new Client({ name: "skillssafe-mcp-proxy", version: "1.0.0" }, { capabilities: {} });
+    const sseTransport = new SSEClientTransport(new URL(SSE_URL));
+    await remoteClient.connect(sseTransport);
+    const remoteInfo = remoteClient.getServerVersion();
+    const remoteCapabilities = remoteClient.getServerCapabilities();
+    const server = new Server({ name: "skillssafe", version: remoteInfo?.version ?? "1.0.0" }, { capabilities: remoteCapabilities ?? {} });
+    server.setRequestHandler(ListToolsRequestSchema, async () => {
+        return await remoteClient.listTools();
+    });
+    server.setRequestHandler(CallToolRequestSchema, async (request) => {
+        return await remoteClient.callTool(request.params);
+    });
+    const stdioTransport = new StdioServerTransport();
+    await server.connect(stdioTransport);
+}
+main().catch((err) => {
+    process.stderr.write(`SkillsSafe MCP error: ${err.message}\n`);
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;;;;;;;GASG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,kBAAkB,EAAE,MAAM,yCAAyC,CAAC;AAC7E,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,oCAAoC,CAAC;AAE5C,MAAM,OAAO,GAAG,gCAAgC,CAAC;AAEjD,KAAK,UAAU,IAAI;IACjB,MAAM,YAAY,GAAG,IAAI,MAAM,CAC7B,EAAE,IAAI,EAAE,sBAAsB,EAAE,OAAO,EAAE,OAAO,EAAE,EAClD,EAAE,YAAY,EAAE,EAAE,EAAE,CACrB,CAAC;IAEF,MAAM,YAAY,GAAG,IAAI,kBAAkB,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;IAC9D,MAAM,YAAY,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;IAEzC,MAAM,UAAU,GAAG,YAAY,CAAC,gBAAgB,EAAE,CAAC;IACnD,MAAM,kBAAkB,GAAG,YAAY,CAAC,qBAAqB,EAAE,CAAC;IAEhE,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB,EAAE,IAAI,EAAE,YAAY,EAAE,OAAO,EAAE,UAAU,EAAE,OAAO,IAAI,OAAO,EAAE,EAC/D,EAAE,YAAY,EAAE,kBAAkB,IAAI,EAAE,EAAE,CAC3C,CAAC;IAEF,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE;QAC1D,OAAO,MAAM,YAAY,CAAC,SAAS,EAAE,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;QAChE,OAAO,MAAM,YAAY,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,MAAM,cAAc,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAClD,MAAM,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC;AACvC,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAU,EAAE,EAAE;IAC1B,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,yBAAyB,GAAG,CAAC,OAAO,IAAI,CAAC,CAAC;IAC/D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "skillssafe-mcp",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "mcpName": "com.skillssafe/scanner",
   "description": "MCP server for SkillsSafe — AI agent skill security scanner. Detects prompt injection, credential theft, zero-width character attacks, and ClawHavoc malware. Free, no API key required.",
   "keywords": ["mcp", "security", "ai-safety", "prompt-injection", "skill-scanner", "clawhavoc"],
@@ -9,19 +9,36 @@
   "homepage": "https://skillssafe.com",
   "repository": {
     "type": "git",
-    "url": "https://github.com/GUCCI-atlasv/skillssafe-mcp.git"
+    "url": "git+https://github.com/GUCCI-atlasv/skillssafe-mcp.git"
   },
   "bugs": {
     "url": "https://github.com/GUCCI-atlasv/skillssafe-mcp/issues"
   },
   "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
   "bin": {
-    "skillssafe-mcp": "./bin/skillssafe-mcp.js"
+    "skillssafe-mcp": "./dist/index.js"
+  },
+  "files": [
+    "dist",
+    "glama.json",
+    "LICENSE",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "prepare": "npm run build",
+    "start": "node dist/index.js"
   },
   "engines": {
     "node": ">=18"
   },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.10.2"
+  },
+  "devDependencies": {
+    "typescript": "^5.7.3",
+    "@types/node": "^22.10.2"
   }
 }

package/bin/skillssafe-mcp.js

@@ -1,56 +0,0 @@
-#!/usr/bin/env node
-/**
- * SkillsSafe MCP Server
- * Proxies stdio ↔ remote SSE endpoint at mcp.skillssafe.com
- *
- * Usage:
- *   npx skillssafe-mcp
- *
- * Config for Claude Desktop / Cursor / Codex:
- *   { "command": "npx", "args": ["-y", "skillssafe-mcp"] }
- */
-
-import { Client } from "@modelcontextprotocol/sdk/client/index.js";
-import { SSEClientTransport } from "@modelcontextprotocol/sdk/client/sse.js";
-import { Server } from "@modelcontextprotocol/sdk/server/index.js";
-import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
-
-const SSE_URL = "https://mcp.skillssafe.com/sse";
-
-async function main() {
-  // Connect to SkillsSafe remote SSE server
-  const remoteClient = new Client(
-    { name: "skillssafe-mcp-proxy", version: "1.0.0" },
-    { capabilities: {} }
-  );
-  const sseTransport = new SSEClientTransport(new URL(SSE_URL));
-  await remoteClient.connect(sseTransport);
-
-  // Get capabilities from remote
-  const remoteInfo = remoteClient.getServerVersion();
-  const remoteCapabilities = remoteClient.getServerCapabilities();
-
-  // Create local stdio server that mirrors remote capabilities
-  const server = new Server(
-    { name: "skillssafe", version: remoteInfo?.version ?? "1.0.0" },
-    { capabilities: remoteCapabilities ?? {} }
-  );
-
-  // Forward all tool calls to remote
-  server.setRequestHandler({ method: "tools/list" }, async () => {
-    return await remoteClient.listTools();
-  });
-
-  server.setRequestHandler({ method: "tools/call" }, async (request) => {
-    return await remoteClient.callTool(request.params);
-  });
-
-  // Start stdio transport
-  const stdioTransport = new StdioServerTransport();
-  await server.connect(stdioTransport);
-}
-
-main().catch((err) => {
-  process.stderr.write(`SkillsSafe MCP error: ${err.message}\n`);
-  process.exit(1);
-});