Security-Gated Skill Management for AI Coding Assistants

The only tool that gates skill installation behind a full security scan.

60+ threat patterns · 13 MCP tools · 7 supported clients

npx -y @stranzwersweb2/skillsync-mcp

Works With Any MCP Client

Claude Code, OpenClaw, Cursor, Windsurf, GitHub Copilot, Zed, nanobot

Why SkillSync?

Capability                   | Raw git clone | Other Tools | SkillSync MCP
-----------------------------|---------------|-------------|-----------------------------------------
Security scan before install | No            | No          | Yes — 60+ patterns
Blocks critical threats      | No            | No          | Prompt injection, RCE, credential theft
Multi-client support         | N/A           | Varies      | 7 clients
Marketplace search           | Manual        | Some        | Keyword + AI semantic
Cloud sync                   | No            | No          | Subscription-based sync
Startup verification         | No            | No          | fs.watch + content hash
Output sanitization          | No            | No          | Anti prompt injection

Features

Security Scanning

60+ threat patterns across 15 categories: prompt injection, Unicode homoglyphs, reverse shells, credential theft, supply chain attacks, crypto mining, RCE, obfuscation, privilege escalation, and more. Critical threats are permanently blocked.

Cloud Sync

Subscribe to search queries and auto-sync skills across machines. Configurable risk thresholds, conflict policies, and dry-run previews. Managed vs manual skill tracking with lock files.

AI-Powered Search

Keyword and semantic search across the SkillsMP marketplace powered by Cloudflare AI. Smart suggestions based on your installed skills. Side-by-side skill comparison with security diffs.

Skill Management

Install, uninstall, list, and audit skills. Startup verification with fs.watch and SHA-256 content hashing. TOCTOU protection. npm install with --ignore-scripts for supply chain safety.

13 MCP Tools

Search & Discovery

skillsmp_search — Keyword Search

Search the SkillsMP marketplace by keyword. Returns skill names, descriptions, authors, star counts, and GitHub links. Supports sorting by stars or recency. All results are sanitized against prompt injection.

skillsmp_ai_search — AI Semantic Search

Natural language search powered by Cloudflare AI. Returns relevance-scored results. Finds skills even when keywords do not exactly match.

skillsmp_search_safe — Search + Auto-Scan

Combines keyword search with automatic security scanning of the top N results. Shows risk levels and threat summaries inline with search results.

skillsmp_suggest — AI Suggestions

Recommends new skills based on what you already have installed and optional context about your current project. Filters out already-installed skills automatically.

Security

skillsmp_scan_skill — Security Scan

Scans a GitHub skill repository for 60+ threat patterns across prompt injection, reverse shells, credential theft, supply chain attacks, crypto mining, and more. Returns a risk level, threat list, content hash, and recommendation.

skillsmp_compare — Side-by-Side Compare

Compare two skills by GitHub URL or installed name. Shows risk levels, threat counts, categories, and a recommendation for which is safer.

skillsmp_audit_installed — Deep Audit

Forces a fresh security scan on a specific installed skill. Shows detailed threat report, file count, total size, content hash, and SKILL.md status.

Skill Management

skillsmp_install_skill — Install

Scans a GitHub skill, then installs it to ~/.claude/skills/. Critical threats are permanently blocked. Medium/high risk requires force=true. Runs npm install with --ignore-scripts.

skillsmp_uninstall_skill — Uninstall

Removes an installed skill directory and updates the in-memory registry. Restart your MCP client to apply changes.

skillsmp_list_installed — List Installed

Lists all installed skills with risk levels, file counts, SKILL.md status, and last scan timestamps. Supports forced refresh and re-sync.

Cloud Sync

skillsync_configure — Configure Sync

Manage sync subscriptions and settings. Add or remove search subscriptions, set sync interval, risk threshold, and conflict policy (skip, overwrite, or unmanage).

skillsync_sync_now — Run Sync

Polls subscriptions, diffs against installed skills, and installs/updates/removes as needed. Supports dryRun=true to preview changes before applying.

skillsync_status — Sync Status

Shows sync engine state: managed vs manual skills, subscription count, last sync time, next scheduled sync, and per-skill details.

Quick Start

Add SkillSync to your MCP client configuration:

Claude Code

Add to ~/.claude/settings.json:

{
  "mcpServers": {
    "skillsmp": {
      "command": "npx",
      "args": ["-y", "@stranzwersweb2/skillsync-mcp"]
    }
  }
}

OpenClaw

Add to ~/.openclaw/mcp.json:

{
  "mcpServers": {
    "skillsmp": {
      "version": "1.3.0",
      "autoUpdate": false,
      "command": "npx",
      "args": ["-y", "@stranzwersweb2/skillsync-mcp@1.3.0"]
    }
  }
}

OpenClaw uses the same SKILL.md format as Claude Code. Pin versions and review tool policies per the security hardening guide.

Cursor

Add to .cursor/mcp.json in your project root:

{
  "mcpServers": {
    "skillsmp": {
      "command": "npx",
      "args": ["-y", "@stranzwersweb2/skillsync-mcp"]
    }
  }
}

Windsurf

Add to ~/.windsurf/mcp.json:

{
  "mcpServers": {
    "skillsmp": {
      "command": "npx",
      "args": ["-y", "@stranzwersweb2/skillsync-mcp"]
    }
  }
}

GitHub Copilot

Add to .github/copilot-mcp.json in your project root, or ~/.github/copilot-mcp.json for global:

{
  "mcpServers": {
    "skillsync": {
      "command": "npx",
      "args": ["-y", "@stranzwersweb2/skillsync-mcp"],
      "env": {
        "SKILLSMP_API_KEY": "your-api-key"
      }
    }
  }
}

Zed

Add to ~/.config/zed/settings.json under "context_servers":

{
  "context_servers": {
    "skillsync": {
      "command": {
        "path": "npx",
        "args": ["-y", "@stranzwersweb2/skillsync-mcp"],
        "env": {
          "SKILLSMP_API_KEY": "your-api-key"
        }
      }
    }
  }
}

Global Install (npm)

npm install -g @stranzwersweb2/skillsync-mcp

Then reference skillsync-mcp as the command in any MCP config:

{
  "mcpServers": {
    "skillsmp": {
      "command": "skillsync-mcp"
    }
  }
}

Client Compatibility

Client         | Config Path                 | Skill Format
---------------|-----------------------------|------------------------------
Claude Code    | ~/.claude/settings.json     | SKILL.md in ~/.claude/skills/
OpenClaw       | ~/.openclaw/mcp.json        | SKILL.md (same format)
Cursor         | .cursor/mcp.json            | MCP tools only
Windsurf       | ~/.windsurf/mcp.json        | MCP tools only
GitHub Copilot | .github/copilot-mcp.json    | MCP tools only
Zed            | ~/.config/zed/settings.json | MCP tools only
nanobot        | MCP config                  | MCP tools only

Security Model

Every installation is gated by a multi-level security scan.

Risk Levels

Level         | Behavior
--------------|---------------------------------------------
Safe / Low    | Install proceeds with warnings shown
Medium / High | Blocked — requires force=true to override
Critical      | Permanently blocked — no override possible

15 Threat Categories

Prompt Injection, Unicode Homoglyphs, Destructive Shell, Remote Code Execution, Reverse Shells, Credential Theft, Supply Chain, Privilege Escalation, Exfiltration, Obfuscation, Code Execution, Shell Execution, Network, Crypto Mining, Dotfile Poisoning

Scanner Flow

  1. Fetch skill source from GitHub (SSRF-gated: only github.com accepted)
  2. Validate file count (≤ 50) and total size (≤ 2MB)
  3. Skip binary files, flag suspicious filenames (postinstall.sh, .env, etc.)
  4. Scan each text file line-by-line against 60+ regex patterns
  5. Run multi-line patterns against full file content
  6. Skip lines over 2000 chars (ReDoS protection)
  7. Compute SHA-256 content hash for TOCTOU verification
  8. Assign risk level: safe → low → medium → high → critical
  9. Gate installation based on risk level

Additional Safety Guards

  • Path traversal prevention on skill names and filenames
  • SSRF prevention — only github.com URLs accepted
  • npm install --ignore-scripts blocks postinstall attacks
  • Max 50 files, 512KB per file, 2MB total size limit
  • Content hash for TOCTOU (time-of-check-to-time-of-use) verification
  • Output sanitization — strips zero-width Unicode and bidi overrides
  • 15-minute scan cache with 100-entry LRU eviction
  • fs.watch startup verification with debounced re-scanning