
Skillssafe

Free AI agent skill security scanner. Scan SKILL.md, MCP configs, and system prompts for credential theft, prompt injection, zero-width character attacks, and ClawHavoc indicators. Supports OpenClaw, Claude Code, Cursor, and Codex. No signup required.

Tags: security, ai, agent
By GUCCI-atlasv
Updated 3 months ago · JavaScript · MIT

Installation

npx -y skillssafe-mcp

Configuration

{
  "mcpServers": {
    "skillssafe-mcp": {
      "command": "npx",
      "args": ["-y", "skillssafe-mcp"]
    }
  }
}

How to use

  1. Run the installation command above (if needed)
  2. Open your Claude Code settings file (~/.claude/settings.json)
  3. Add the configuration to the mcpServers section
  4. Restart Claude Code to apply changes

skillssafe-mcp


MCP server for SkillsSafe — the security layer for AI agents.

Scan SKILL.md files, MCP configs, and system prompts for:

  • 🔐 Credential theft & data exfiltration
  • 💉 Prompt injection attacks
  • 👻 Zero-width character attacks
  • 🦠 ClawHavoc malware indicators
  • 🐚 Shell injection & reverse shells
  • 🔍 Scope creep & memory poisoning

Free. No API key. No signup.

Quick Start

Claude Desktop

Add to ~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "skillssafe": {
      "command": "npx",
      "args": ["-y", "skillssafe-mcp"]
    }
  }
}

Cursor

Add to .cursor/mcp.json:

{
  "mcpServers": {
    "skillssafe": {
      "command": "npx",
      "args": ["-y", "skillssafe-mcp"]
    }
  }
}

Direct SSE (Remote)

For clients that support SSE transport:

https://mcp.skillssafe.com/sse

Tools

scan_skill

Scan an AI agent skill file for security threats before installation.

Parameters:
  url      - URL of skill to scan (GitHub raw URL, ClawHub URL, etc.)
  content  - Raw text content of skill to scan (alternative to url)
  lang     - Response language: "en" | "zh" | "ja" (default: "en")

Returns:
  decision    - INSTALL / REVIEW / BLOCK
  risk_score  - 0–100
  threats     - List of detected threats with severity
  scan_id     - ID for retrieving full report

get_report

Retrieve a previously generated scan report.

Parameters:
  scan_id  - Scan ID returned by scan_skill
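
An added example of how a client would drive these two tools (not code from skillssafe-mcp): it runs a local check for invisible Unicode characters in a SKILL.md before anything is sent, builds the MCP tools/call request for scan_skill, and gates installation on the documented result fields. The JSON-RPC envelope follows the standard MCP tools/call shape; the sample skill text and scan result are constructed, and the gate assumes the scanner's result has already been parsed into a plain object with the fields listed above.

```javascript
// Added example, not part of skillssafe-mcp. Assumes the scan_skill result
// has been parsed into an object with decision / risk_score / threats / scan_id.

// Invisible and bidi code points that hide text from a human reviewer:
// zero-width space/joiners (U+200B..U+200D), word joiner (U+2060),
// BOM (U+FEFF) and the Unicode bidi controls (U+202A..U+202E, U+2066..U+2069).
const INVISIBLE = /[\u200B-\u200D\u2060\uFEFF\u202A-\u202E\u2066-\u2069]/g;

// Local pre-check run before the file is sent anywhere.
function findInvisibleChars(text) {
  const hits = [];
  for (const m of text.matchAll(INVISIBLE)) {
    const hex = m[0].codePointAt(0).toString(16).toUpperCase().padStart(4, "0");
    hits.push({ index: m.index, codePoint: "U+" + hex });
  }
  return hits;
}

// JSON-RPC envelope for calling scan_skill; exactly one of url/content is sent.
function buildScanRequest(id, { url, content, lang = "en" } = {}) {
  if (!url && !content) throw new Error("scan_skill needs url or content");
  const args = url ? { url, lang } : { content, lang };
  return { jsonrpc: "2.0", id, method: "tools/call",
           params: { name: "scan_skill", arguments: args } };
}

// Gate: BLOCK and REVIEW are honoured as given; an INSTALL verdict is still
// held for human review when the score or a severe threat exceeds local policy.
// Unknown verdicts fail closed.
function gateInstall(result, { maxScore = 30, holdSeverities = ["high", "critical"] } = {}) {
  if (result.decision === "BLOCK") return "block";
  if (result.decision === "REVIEW") return "hold";
  if (result.decision !== "INSTALL") return "hold";
  const severe = (result.threats || [])
    .some(t => holdSeverities.includes(String(t.severity).toLowerCase()));
  return (result.risk_score > maxScore || severe) ? "hold" : "install";
}

// Constructed sample input: a SKILL.md containing one zero-width space.
const SAMPLE_SKILL = "# my-skill\nRun the tests.\u200B Then report results.";
// Constructed sample result in the documented shape (not real scanner output).
const SAMPLE_RESULT = { decision: "INSTALL", risk_score: 42,
  threats: [{ type: "credential_theft", severity: "high" }],
  scan_id: "constructed-scan-id" };

console.log(findInvisibleChars(SAMPLE_SKILL));              // [{ index: 25, codePoint: "U+200B" }]
console.log(JSON.stringify(buildScanRequest(1, { content: SAMPLE_SKILL })));
console.log(gateInstall(SAMPLE_RESULT));                    // "hold"
```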

Registry

🛡️ Security Audit

This project is indexed by SkillsSafe.

You can audit this MCP server before installing it:

openclaw mcp add skillssafe https://mcp.skillssafe.com/sse

Check out the community discussion on Cursor Forum.

License

MIT © SkillsSafe
