skill-mcp-server

An MCP server that exposes a directory of “Claude Skills” (SKILL.md plus scripts and references) to any MCP-capable AI agent. It provides tools to list skills, load skill instructions/resources, execute bundled skill scripts in a sandboxed environment, and read/write/edit files within a configured workspace.

Evaluated Apr 04, 2026
Tags: DevTools, mcp, claude-skills, agent-tools, file-io, sandboxing, python, automation
⚙ Agent Friendliness: 61 / 100 (Can an agent use this?)
🔒 Security: 41 / 100 (Is it safe for agents?)
⚡ Reliability: 21 / 100 (Does it work consistently?)

Score Breakdown

⚙ Agent Friendliness

MCP Quality: 75
Documentation: 78
Error Messages: 0
Auth Simplicity: 95
Rate Limits: 0

🔒 Security

TLS Enforcement: 30
Auth Strength: 20
Scope Granularity: 55
Dep. Hygiene: 60
Secret Handling: 50

README claims “secure by design” with path validation and sandboxed file operations, and supports workspace isolation. However, no authentication/authorization model is documented and TLS/transport security is not described (likely local MCP connection). Executing bundled scripts inherently increases risk if skills/scripts are untrusted; strong sandboxing details are not provided in the available text.

⚡ Reliability

Uptime/SLA: 0
Version Stability: 35
Breaking Changes: 20
Error Recovery: 30

Best When

You control the skills/scripts directory and want to plug them into an MCP-compatible agent via a standardized tool interface with workspace isolation.

Avoid When

You need enterprise-grade security guarantees for running third-party/untrusted code, or you require clear operational/SLA assurances and mature stability/release discipline.

Use Cases

  • Let an MCP agent use an existing skill ecosystem without native Claude Skills support
  • Automate workflows defined as skill scripts with controlled workspace I/O
  • Provide standardized access to reusable reference templates (skill references)
  • Enable hot-reloading of newly added skills during development

Not For

  • Production environments where untrusted skills/scripts could be executed without strong isolation and governance
  • Use cases requiring first-class authN/authZ, quotas, or managed hosting
  • Teams needing a documented, stable versioned HTTP API/SDK beyond MCP

Interface

REST API: No
GraphQL: No
gRPC: No
MCP Server: Yes
SDK: No
Webhooks: No

Authentication

OAuth: No
Scopes: No

No explicit authentication method is described in the provided README. This appears to be a locally run MCP server configured in the MCP client config.

Pricing

Free tier: No
Requires CC: No

Open-source (MIT license) and installation is via pip/uvx per README; no hosted pricing described.

Agent Metadata

Pagination: none
Idempotent: False
Retry Guidance: Not documented

Known Gotchas

  • Executing skill scripts is a side-effect operation; agents should avoid repeated runs unless the script is idempotent by design.
  • File operations are scoped to a configured workspace; agent requests may fail if paths fall outside the workspace or are denied by path validation.
  • Hot reload exists, but agents may need to re-query tool outputs to see newly added skills/resources.


Scores are editorial opinions as of 2026-04-04.
