Trust-score any AI skill or MCP server. 14 signals across 4 dimensions with safety scanning for prompt injection, credential theft, and supply chain attacks.
Website: mcpskills.io
mcpskills scores GitHub repos across 4 dimensions:
- Alive — Is it maintained? (commit recency, release cadence, issue responsiveness)
- Legit — Is the author credible? (author credibility, community adoption, contributor diversity)
- Solid — Is it secure? (security posture, dependency health, tool safety, supply chain safety)
- Usable — Is it well documented? (README quality, spec compliance, license clarity)
AI skills and MCP servers get enhanced scanning with 5 safety checks based on ClawHavoc and ToxicSkills attack patterns.
Install the MCP server to score repos directly from your IDE:
```
claude mcp add mcpskills -- npx @mcpskillsio/server
```
See mcp-server/README.md for Cursor and Claude Desktop setup.
Scan any repo at mcpskills.io — free, no signup required.
```
curl -X POST https://mcpskills.io/api/score \
  -H "Content-Type: application/json" \
  -d '{"repo": "anthropics/anthropic-sdk-typescript"}'
```
```
mcpskills/
  mcp-server/          # npm package (@mcpskillsio/server) — 8 MCP tools
  lib/                 # Shared core: scorer (14 signals), skills detector, safety scanner
  netlify/functions/   # Serverless API (score, badge, monitor, certify, webhook)
  public/              # Static website (mcpskills.io)
  data/                # Registry, score cache, curated packages
  scripts/             # CLI utilities
```
| Component | Purpose |
|---|---|
| MCP Server | IDE integration — score repos from Claude Code, Cursor, or any MCP client |
| API | REST endpoints for scoring, badges, monitoring, certification |
| Website | Live scanner, blog, trust badge generator |
| Scheduled Functions | Nightly crawl (2am UTC), daily monitoring (8am UTC), weekly digest (Sunday 6pm UTC) |
| Tool | Description |
|---|---|
| `check_trust_score` | Score any GitHub repo (0-10, 4 dimensions, 14 signals) |
| `scan_safety` | Focused safety scan for AI skills (5 threat categories) |
| `list_packages` | Browse curated, pre-scored skill packages |
| `get_badge` | Generate SVG trust badge for READMEs |
| `watch_repo` | Monitor repos for trust score changes |
| `check_watched` | Re-scan all watched repos |
| `batch_check` | Score up to 5 repos in one call |
| `auto_gate` | Boolean go/no-go decision with reasoning |
| Tier | Score | Meaning |
|---|---|---|
| Verified | >= 7.0 | High confidence across all dimensions |
| Established | >= 4.5 | Moderate confidence, sufficient signals |
| New | < 4.5 | Insufficient data or low scores |
| Blocked | — | Disqualifiers: no license, critical CVE, dangerous workflows |
Free tier returns trust tier + dimension scores. For full 14-signal reports with safety findings:
```
export MCPSKILLS_API_KEY=your_key_here
```
Get your key at mcpskills.io/api.
MIT — Built by Michael Browne at Rise Above Partners.