How does MCP Skills trust scoring work?

Every repo or package is evaluated across 4 dimensions — Alive (is it maintained?), Legit (who made it?), Solid (is it secure?), and Usable (can I work with it?). Each dimension combines multiple signals from the GitHub API, npm registry, OpenSSF Scorecard, and our analysis engine to produce a composite score from 0 to 10. Accepts GitHub repos, npm packages, Smithery URLs, and OpenClaw skills.

When MCP Skills detects an AI agent skill or MCP server, the algorithm shifts to Skills Mode. Security weight increases and two additional signals activate: Skill Spec Compliance and Tool Safety. The safety scanner checks for prompt injection, shell execution, credential access, network exfiltration, and obfuscated payloads — the exact attack patterns used in ClawHavoc.

What are the trust tiers?

Repos are assigned one of three trust tiers: Verified (score 7.5+ with strong dimensions — safe to build on), Established (score 4.5+ — solid but check the details), or New (below threshold — promising but unproven). A fourth tier, Blocked, applies when critical safety concerns are detected.

Is the free scan really free?

Yes. Free scans show the trust tier badge, all 4 dimension scores, and a one-line rationale. Free tier allows 3 scans per day from the website or 20 per day via the API. No account required. Paid reports ($9 per scan or $29 for a 10-pack) unlock the full 14-signal breakdown and detailed safety scan findings.

What are the limitations of trust scoring?

MCP Skills performs static analysis — source code pattern matching, GitHub metadata, and OpenSSF Scorecard data. It does not yet monitor runtime behavior, multi-step agent chain context leaks, or dynamically fetched payloads. A high score means strong static indicators, but no automated tool catches everything. Runtime observability and tool call auditing are on our roadmap.

Is your AI skill safe?

Know before you install.

Trust-score any MCP server, npm package, or AI skill across 14 signals — including safety scans for prompt injection, credential theft, and supply chain attacks. Paste a GitHub repo, npm package name, or registry URL.

1,184 malicious skills found in ClawHavoc 36% of one registry had security flaws 14 trust signals scored

How trust scoring works

4 dimensions. 14 signals. Data from GitHub API, npm registry, and OpenSSF Scorecard.

Alive Is it maintained?

Commit recency Release cadence Issue responsiveness

Legit Who made it?

Author credibility Community adoption Contributor diversity Download adoption

Solid Is it secure?

Security posture Dependency health Tool safety Supply chain safety

Usable Can I use it?

README quality Spec compliance License clarity

Skills Mode

MCP servers and AI skills get 2 extra signals and heavier security weight. The safety scanner checks source code directly.

Prompt injection Shell execution Credential access Network exfiltration Obfuscated payloads

Patterns from ClawHavoc and ToxicSkills

What we check — and what we don't

Static analysis

Source code pattern matching across 20 files
GitHub metadata: commits, issues, contributors, releases
OpenSSF Scorecard security posture
Dependency health and supply chain signals
Spec compliance and documentation quality

Not yet covered

Runtime behavior monitoring (sandbox execution)
Multi-step agent chain context leaks
Dynamic payloads fetched after install
Tool call audit logging and policy enforcement

Trust scoring is a signal, not a verdict. A high score means strong static indicators across all dimensions — but no automated tool catches everything. Runtime observability and tool call auditing are on our roadmap.

Score from your IDE

Check trust scores without leaving Claude Code, Cursor, or any MCP client. Install in one command.

claude mcp add mcpskills -- npx @mcpskillsio/server

{
  "mcpServers": {
    "mcpskills": {
      "command": "npx",
      "args": ["@mcpskillsio/server"]
    }
  }
}

{
  "mcpServers": {
    "mcpskills": {
      "command": "npx",
      "args": ["@mcpskillsio/server"]
    }
  }
}

check_trust_score

"Score vercel/ai"

Trust tier, composite score, and 4 dimension breakdown for any repo, npm package, or registry URL.

scan_safety

"Is this MCP safe?"

5 safety checks for prompt injection, credential theft, shell execution, and more.

auto_gate

"Should I install this?"

Go/no-go decision with reasoning. Certified repos get instant approval.

batch_check

"Check these 5 deps"

Score up to 5 repos or packages in one call. Great for vetting a stack.

list_packages

"Show safe skill stacks"

Curated, pre-scored skill packages organized by use case.

@mcpskillsio/server on npm

For Developers & Agents

Build trust verification into your toolchain. Accepts GitHub repos, npm packages, Smithery URLs, and more. Agent-optimized API with go/no-go decisions.

Agent Response (Free)

curl -X POST https://mcpskills.io/.netlify/functions/score \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -d '{"repo":"npm:@anthropic-ai/sdk"}'

{
  "safe": true,
  "tier": "verified",
  "score": 8.2,
  "recommendation": "install",
  "flags": [],
  "reasoning": "14 signals, no disqualifiers"
}

Paid Response (API Key)

curl -X POST https://mcpskills.io/.netlify/functions/score \
  -H "Content-Type: application/json" \
  -H "X-API-Key: msk_your_key_here" \
  -d '{"repo":"owner/repo"}'

// Also accepts: npm:@scope/package,
// Smithery URLs, OpenClaw URLs.
// Returns: Full 14-signal breakdown,
// safety findings, recommendations.

Free Agent 20 scans/day · compact response

10-Pack · $29 10 full reports · $2.90/each

Pro · $12/mo 1000/day · batch · monitoring