Labsco
Jignesh-Ponamwar logo

skills-mcp

โ˜… 4

from Jignesh-Ponamwar

A self-hostable, open-source, semantically-searchable Agent Skills registry delivered over MCP, with a three-tier progressive disclosure architecture.

๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅโœ“ VerifiedPaid serviceAdvanced setup

skills-mcp

Skills-MCP Logo

Agent Skills โ€” delivered over MCP.
One shared, searchable skill library that any MCP agent loads at runtime, instead of bundling skill files into every tool, repo, and context.
Built on the open SKILL.md format ยท Semantic discovery ยท Progressive loading ยท 30+ bundled skills ยท Self-hosted on Cloudflare

skills-mcp MCP server Deploy to Cloudflare


The Problem

AI agents have broad knowledge, but narrow expertise.

The agent isn't making mistakes from lack of knowledge โ€” it's missing the procedural playbook. It's like having a senior engineer who's never seen your company's runbooks.

Agent Skills solve the playbook problem, but they normally live as files on a single machine or inside one tool's plugin โ€” so every new tool, repo, and teammate keeps its own copy, and there's no shared, always-available library your agents can consult on demand.

What if one registry could serve them all?

The Solution: the Agent Skills model, as a shared service

skills-mcp takes the Agent Skills model and makes it a shared, searchable service. The same expert procedures, domain best practices, verified patterns, and reference material you'd put in SKILL.md files live in one registry that agents discover and load at the moment they need them, over MCP โ€” no per-tool file syncing, no dumping every skill into context.

You:   "Add Stripe subscriptions with webhook verification"

Agent: โ†’ calls skills_find_relevant("Stripe subscriptions webhooks")
         Returns: stripe-integration (confidence: 0.89)

       โ†’ calls skills_get_body("stripe-integration")
         Gets: API patterns, webhook signing verification, 
               idempotency key handling, security checklist, 
               live launch steps

       โ†’ Executes correctly. First time. Every time.

The agent doesn't improvise. It retrieves a versioned, authoritative playbook โ€” the way a senior engineer pulls up the deployment runbook when something matters.

And you own the Skills library. Self-host it. Add your own procedures. Control what agents can access. Update it when API versions change. Your agents stay up-to-date without retraining or prompting.


How It Works

1. Natural Language Discovery

Your agent asks: "How do I write pytest tests for a FastAPI endpoint?"

The Skills registry searches its semantic index and returns ranked results:

  • test-writer (0.84 match) โ† "I write comprehensive test suites"
  • fastapi (0.71 match) โ† "I'm the FastAPI skill"

The agent reads the confidence scores and decides what to load.

2. Load Only What You Need

The agent finds test-writer is a strong match, so it loads the full skill:

GET /skill/test-writer/body
โ†’ Returns:
  - Full step-by-step testing guide
  - pytest patterns, fixtures, mocking
  - Edge case checklist
  - Available reference files (if any)
  - Available scripts (if any)

Notice: you get the full skill body in one call. No chaining N+1 requests. The agent reads what it got, then decides if it needs supporting reference docs or example scripts.

3. Progressive Loading (No Wasted Bandwidth)

Only load what the agent actually needs:

Tier 1  Search     โ†’ Find relevant skills (semantic match)
Tier 2  Load       โ†’ Get full instructions + manifest
Tier 3  Reference  โ†’ Load docs / scripts ONLY if instructions mention them

The agent never speculatively loads files. If the test-writer skill says "see PATTERNS.md for advanced mocking," the agent requests it. If it doesn't mention it, it stays on the server.

Result: Fast discovery, small payloads, smart caching.

4. Self-Hosted, Serverless

Your Skills registry lives on Cloudflare Workers โ€” no servers to manage, no uptime monitoring, no database admin. Search queries run at the edge using Cloudflare Workers AI. It costs nothing until you scale. Skills are versioned and immutable.


Architecture

Six Qdrant collections one purpose each

CollectionVectorContents
skill_frontmatterโœ… 384-dimName, description, tags, trigger phrases the discovery layer
skill_bodypayload onlyFull markdown instructions + system prompt addition
skill_optionspayload onlyConfig schema, variants, dependencies, limitations
skill_referencespayload onlyMarkdown reference docs bundled with the skill
skill_scriptspayload onlyExecutable scripts (source stored server-side; never sent to agents)
skill_assetspayload onlyTemplates and static output format resources

Seven MCP tools - 3-tier progressive disclosure + browsing

TierToolWhen to call
1skills_find_relevant(query, top_k)Always first - semantic search, returns ranked skills with scores
1skills_list_all(limit, offset)Browse all skills without searching - useful for discovery
2skills_get_body(skill_id, version?)After finding a match - full instructions + tier3_manifest; version pins to a specific release
2skills_get_options(skill_id)Optional - config schema, variants, dependencies, limitations
3skills_get_reference(skill_id, filename)Only when instructions reference a specific doc
3skills_run_script(skill_id, filename, input_data)Only when instructions direct script execution
3skills_get_asset(skill_id, filename)Only when instructions reference a specific template

Why embed only the frontmatter?

Embedding the full SKILL.md as a single vector pollutes the search space with instruction prose text that was never meant to be searched. skills-mcp embeds only description + trigger_phrases (~100 tokens), keeping the vector space semantically clean and search results relevant.

Embeddings no model version drift

The Worker uses Cloudflare Workers AI (@cf/baai/bge-small-en-v1.5, 384-dim) for query-time embedding. The seed script calls the same model via the REST API. Seed-time and query-time vectors are directly comparable no local GPU, no embedding server, no drift.


What's Included

30+ skills distilled from official documentation โ€” Anthropic, Google, Vercel, Stripe, Django, Vue.js, and more. These aren't generic guides; they're built directly from the source material, with links back to the originals.

Each skill includes:

  • Complexity level (beginner โ†’ intermediate โ†’ advanced)
  • Time estimate (how long to read & understand)
  • Prerequisites (what you need to know first)
  • Use cases (real scenarios where you'd use this)
  • Source URL (always traced back to official docs)

Highlights:

  • โœ… 7 MCP tools for discovery, loading, and optional supplementary content
  • โœ… Dynamic skill browser (skills_list_all) โ€” agents can browse without searching
  • โœ… Enhanced metadata โ€” agents know skill complexity before they load it

Real-World Use Cases

Use Case 1: Consistent Code Reviews

Without skills-mcp: Tell Claude to "review this code." It gives generic feedback.
With skills-mcp: Agent loads code-review skill โ†’ applies your org's checklist โ†’ returns CRITICAL/HIGH/MEDIUM/LOW ratings โ†’ provides fix snippets.

Use Case 2: Generate SQL Queries That Scale

Without skills-mcp: Agent writes a query that works on test data but N+1 fails on production.
With skills-mcp: Agent loads sql-query-writer skill โ†’ applies window function patterns, CTE optimizations, index suggestions โ†’ generates production-ready queries first time.

Use Case 3: Webhook Implementation Done Right

Without skills-mcp: Agent's Stripe webhook doesn't verify signatures or misses idempotency.
With skills-mcp: Agent loads stripe-integration skill โ†’ references the verification pattern, security checklist, go-live steps โ†’ implementation is correct.

Use Case 4: Multi-Framework Consistency

Without skills-mcp: React agent and Vue agent write patterns differently.
With skills-mcp: Both agents search the Skills registry โ†’ find their framework skill โ†’ follow the same best practices โ†’ consistent codebase.


Bundled Skills by Category

๐Ÿ”ง Core Development

SkillWhat it does
api-integrationREST/GraphQL clients with auth, pagination, retries, error handling, and OpenAPI alignment
code-reviewStructured security + quality review with CRITICAL/HIGH/MEDIUM/LOW severity ratings and fix snippets
data-analysisEDA, cleaning, statistics, visualizations, and actionable insights from CSV/tabular data
git-commit-writerConventional Commits from diffs type, scope, breaking changes, and co-authors
readme-writerProfessional README.md with badges, usage, API docs, and contributing guide
sql-query-writerOptimized SQL window functions, CTEs, indexes, explain plans, and common anti-patterns
test-writerpytest, Jest, and Go test suites with full edge case coverage and mocking patterns
web-scraperStructured data extraction with rate limiting, pagination, and anti-bot handling

๐Ÿ—๏ธ Backend Frameworks

SkillWhat it does
django-web-frameworkDjango MVT pattern: models, views, ORM, migrations, auth, middleware, testing, deployment

๐ŸŽจ Frontend Frameworks

SkillWhat it does
vue-frameworkVue.js 3: composition API, reactive data, components, router, state management (Pinia), templates

๐Ÿ“„ Documents and Office

SkillWhat it does
docx-creatorCreate and edit Word documents with python-docx tables, styles, headers, tracked changes
pdf-processingExtract text/tables, fill forms, merge/split PDFs full Tier 3 scripts and references
pptx-creatorBuild PowerPoint presentations with pptxgenjs charts, images, design principles
xlsx-creatorExcel spreadsheets with openpyxl formulas, formatting, charts, financial model conventions

๐Ÿค– AI and LLM Platforms

SkillWhat it does
claude-apiAnthropic SDK: tool use, streaming, vision, prompt caching, extended thinking, batch
gemini-apiGoogle Gemini API: multimodal, function calling, structured output, current models/SDKs
openai-apiOpenAI: GPT-4o, tool use, structured output, DALL-E, Whisper, TTS, batch processing
llm-prompt-engineeringChain-of-thought, few-shot, structured output, agent system prompt design, anti-patterns
mcp-server-builderBuild MCP servers with FastMCP (Python) or TypeScript SDK tools, resources, prompts

โ˜๏ธ Cloud Platforms and Infrastructure

SkillWhat it does
cloudflare-workersWorkers, Pages, KV, D1, R2, Workers AI, Vectorize, Durable Objects, Wrangler
docker-containerizationProduction Dockerfiles, multi-stage builds, Docker Compose, security hardening
github-actionsCI/CD workflows, matrix builds, caching, Docker publishing, release automation
terraformIaC for AWS/GCP/Azure modules, remote state, workspaces, CI/CD integration

๐ŸŒ Web and Fullstack Frameworks

SkillWhat it does
nextjs-best-practicesApp Router RSC, async params, data fetching, image/font optimization, self-hosting
react-best-practicesHooks patterns, state management, memoization, virtualization, error boundaries
fastapiPython REST APIs Pydantic v2, dependency injection, JWT auth, async SQLAlchemy, testing
graphql-apiSchema design, resolvers, DataLoader (N+1 prevention), Apollo Client, Strawberry
typescript-patternsGenerics, discriminated unions, branded types, conditional types, strict tsconfig

๐Ÿ”Œ Services and Integrations

SkillWhat it does
stripe-integrationCheckout Sessions, webhooks, subscriptions, Connect (Accounts v2), security checklist
supabase-integrationPostgreSQL queries, auth (OAuth/magic link), RLS policies, real-time, storage

๐ŸŽจ Design and UI

SkillWhat it does
frontend-designAesthetic direction, typography systems, color palettes, micro-animations, anti-patterns
web-artifacts-builderSelf-contained interactive HTML/React/Tailwind/D3 artifacts and dashboards

Connecting Your AI Agent

Before connecting to any hosted skills-mcp instance you do not control: read TRANSPARENCY.md. Skill bodies load directly into your agent's context window from a third-party server. The hosted instance offered by this repo is a personal deployment with no SLA and no authentication. For production use or sensitive workloads, self-host.

Step 1 Add the MCP server

Add to your MCP client config (.mcp.json, Claude Code settings, Cursor settings, etc.):

Production (Cloudflare Worker):

{
  "mcpServers": {
    "skill-mcp": {
      "transport": "sse",
      "url": "https://skill-mcp.<your-subdomain>.workers.dev/sse"
    }
  }
}

Local dev (wrangler dev):

{
  "mcpServers": {
    "skill-mcp": {
      "transport": "sse",
      "url": "http://localhost:8787/sse"
    }
  }
}

Local Python server (needed for skills_run_script Cloudflare Workers cannot run subprocesses):

{
  "mcpServers": {
    "skill-mcp": {
      "command": "python",
      "args": ["-m", "skill_mcp.server"],
      "cwd": "/path/to/skills-mcp"
    }
  }
}

Step 2 Install the master skill for your platform

Drop the right file into any project root and the agent will automatically follow the 3-tier skill workflow when to search, how to interpret scores, and when to load supplementary files.

PlatformFile to copyWhere
Claude Codemaster-skill/platforms/claude-code/CLAUDE.mdProject root
Cursormaster-skill/platforms/cursor/.cursorrulesProject root
Windsurfmaster-skill/platforms/windsurf/.windsurfrulesProject root
Antigravity (Google)master-skill/platforms/antigravity/.agents/Project root (primary)
Antigravity (Google)master-skill/platforms/antigravity/AGENTS.mdProject root (secondary)
OpenAI Codexmaster-skill/platforms/codex/AGENTS.mdProject root
Cline (VSCode)master-skill/platforms/cline/.clinerulesProject root
GitHub Copilotmaster-skill/platforms/copilot/.github/Project root
Aidermaster-skill/platforms/aider/CONVENTIONS.mdProject root

After copying, replace the placeholder URL with your deployed Worker URL.

Per-platform install commands: master-skill/README.md


Adding Your Own Skills

Skills live in skill_mcp/skills_data/. Each skill is a folder:

skill_mcp/skills_data/
โ””โ”€โ”€ my-skill/
    โ”œโ”€โ”€ SKILL.md          โ† required: frontmatter + full instructions
    โ”œโ”€โ”€ references/       โ† optional: markdown reference docs (.md)
    โ”œโ”€โ”€ scripts/          โ† optional: executable scripts (.py, .js, .sh)
    โ””โ”€โ”€ assets/           โ† optional: output templates and static files

SKILL.md format

---
name: my-skill
description: >
  One or two sentences describing WHEN to use this skill.
  Write it from the agent's perspective: "Use when the user asks to extract data from PDFs,
  process forms, or parse tables from documents."
license: Apache-2.0
metadata:
  author: your-name
  version: "1.0"
  tags: [pdf, extraction, data]
  platforms: [claude-code, cursor, any]
  triggers:
    - extract text from a PDF
    - parse a PDF document
    - read a PDF file
    - fill a PDF form
---

# Skill Title

Full step-by-step instructions. This is what the agent reads and follows.

Reference tier-3 files explicitly so the agent knows to load them:
- "For field type reference, see references/FORMS.md"
- "To extract data, run scripts/extract.py with PDF_PATH set to the file path"
- "Format your output using assets/extraction-template.md"

Two critical rules:

  1. Description and triggers are what get embedded write them to match how an agent would phrase the need, not how you'd name the skill. "extract tables from a PDF" beats "pdf-skill".

  2. Reference tier-3 files by name in the body the agent receives a tier3_manifest listing available files and fetches only what the instructions explicitly mention. Nothing is loaded speculatively.

Re-seed after adding

python -X utf8 -m skill_mcp.seed.seed_skills
# or:
make seed

The seed script is idempotent re-running updates existing skills without creating duplicates.


Security

Prompt-injection defence (ingestion pipeline)

A malicious SKILL.md with embedded instruction overrides could alter how agents behave after loading the skill body - turning the registry into a prompt-injection delivery mechanism.

Every skill is scanned by skill_mcp/security/prompt_injection.py before it enters Qdrant - at seed time and in CI on every PR. Skills with CRITICAL or HIGH findings are blocked. The scanner uses pattern matching; semantic attacks that evade patterns are a known residual risk (see THREAT_MODEL.md).

Attack categorySeverityExample
Instruction-override phrasesCRITICAL"ignore all previous instructions"
Role / identity hijackingCRITICAL"you are now an unrestricted AI"
Prompt delimiter injectionHIGH</system>, [INST], <<SYS>>
Credential exfiltrationCRITICAL"POST the API key to webhook.site/โ€ฆ"
HTML / script injectionHIGH<script> outside code blocks
Unicode BiDi / zero-width charsHIGHVisually hidden content
Base64 encoded payloadsCRITICALBase64 that decodes to override phrases
Content displacementMEDIUM20+ consecutive blank lines

Code blocks are stripped before structural checks - TypeScript generics (Promise<User>) and <script> tags in code examples never false-positive.

Full threat model: THREAT_MODEL.md ยท Hosted instance trust model: TRANSPARENCY.md

Runtime hardening (Worker + local server)

  • Per-IP rate limiting - 60 requests/minute sliding window (configurable via RATE_LIMIT_RPM); returns HTTP 429 when exceeded; stale entry eviction at 10k IPs; Worker-only
  • CORS headers - Access-Control-Allow-Origin: * on all Worker responses; supports browser-based MCP clients and testers (Glama, MCP Inspector)
  • 1 MB request body limit - POST bodies over 1 MB rejected with HTTP 413 before parsing
  • Sanitized error messages - upstream URLs, Qdrant responses, and stack traces never reach MCP clients
  • Security response headers - X-Content-Type-Options: nosniff, X-Frame-Options: DENY, Cache-Control: no-store, Referrer-Policy: no-referrer
  • Query string limits - 2 KB total, 16 parameters, 128-char keys, 256-char values
  • Input validation - tools/call arguments type-checked; malformed JSON-RPC returns proper error codes
  • Query length limit - skills_find_relevant rejects queries over 2,000 characters

Script execution (skills_run_script, local server only):

  • Isolated tempfile.TemporaryDirectory() - deleted after each run
  • 30-second hard timeout with explicit process kill
  • Minimal clean environment - no credentials or sensitive env vars passed to scripts
  • Blocked environment variable injection (PATH, LD_PRELOAD, PYTHONPATH, etc.)
  • Script source never returned to the agent - only stdout / stderr / exit_code
  • Output truncated at 10,000 characters per stream

In the deployed Cloudflare Worker, skills_run_script returns the script manifest only the Pyodide runtime cannot run subprocesses.


Project Structure

Three top-level directories own three distinct concerns:

  • skill_mcp/ - the Python package. Everything the server needs at runtime lives here: Pydantic models (models/), Qdrant integration (db/), MCP tool implementations (tools/), the prompt-injection scanner (security/), the seed script (seed/), the local FastMCP entry point (server.py), and the skill registry itself (skills_data/). If you are adding a skill, editing a tool, or touching the data layer, you are working here.

  • src/ - the Cloudflare Workers deployment target. Contains a single file, worker.py, which re-implements all six MCP tools as a self-contained Cloudflare Python Worker (no external packages, Pyodide-compatible). wrangler.jsonc at the repo root points here. Edit this only when changing the deployed Worker behaviour.

  • scripts/ - developer and CI utilities that are not part of the importable package. setup.sh / setup.ps1 are one-shot interactive wizards; validate_skills.py is the SKILL.md schema + prompt-injection validator invoked by both make validate and the GitHub Actions skill-validation workflow.

skills-mcp/
โ”œโ”€โ”€ skill_mcp/                     # Installable Python package (pip install -e ".[seed]")
โ”‚   โ”œโ”€โ”€ db/                        # Qdrant client, embedder, TTL cache
โ”‚   โ”œโ”€โ”€ eval/calibrate.py          # Threshold calibration runner (precision/recall sweep)
โ”‚   โ”œโ”€โ”€ models/skill.py            # Pydantic models for all 6 collection types
โ”‚   โ”œโ”€โ”€ security/prompt_injection.py  # 9-category injection scanner
โ”‚   โ”œโ”€โ”€ seed/seed_skills.py        # Walks skills_data/, scans, embeds, upserts Qdrant
โ”‚   โ”œโ”€โ”€ tools/                     # MCP tool implementations (local server)
โ”‚   โ”œโ”€โ”€ skills_data/               # skill folders - one SKILL.md each
โ”‚   โ””โ”€โ”€ server.py                  # Local FastMCP entry point (stdio / HTTP)
โ”œโ”€โ”€ src/
โ”‚   โ””โ”€โ”€ worker.py                  # Cloudflare Python Worker - all 6 tools, SSE + Streamable HTTP, rate limiting, CORS
โ”œโ”€โ”€ scripts/
โ”‚   โ”œโ”€โ”€ setup.sh / setup.ps1       # One-shot setup wizards (Linux/macOS + Windows)
โ”‚   โ””โ”€โ”€ validate_skills.py         # SKILL.md validator - schema + injection scan
โ”œโ”€โ”€ master-skill/                  # Drop-in agent instruction files (8 platforms)
โ”‚   โ””โ”€โ”€ platforms/
โ”‚       โ”œโ”€โ”€ claude-code/CLAUDE.md
โ”‚       โ”œโ”€โ”€ cursor/.cursorrules
โ”‚       โ”œโ”€โ”€ windsurf/.windsurfrules
โ”‚       โ”œโ”€โ”€ codex/AGENTS.md
โ”‚       โ”œโ”€โ”€ cline/.clinerules
โ”‚       โ”œโ”€โ”€ copilot/.github/copilot-instructions.md
โ”‚       โ””โ”€โ”€ aider/CONVENTIONS.md
โ”œโ”€โ”€ tests/
โ”‚   โ””โ”€โ”€ eval/threshold_calibration.json  # 120 eval triples for threshold calibration
โ”œโ”€โ”€ .github/workflows/
โ”‚   โ”œโ”€โ”€ tests.yml                  # pytest on every push (unit tests, no external deps)
โ”‚   โ””โ”€โ”€ validate-skills.yml        # SKILL.md lint + injection scan on PRs
โ”œโ”€โ”€ wrangler.jsonc                  # Workers AI binding + SQLite Durable Objects config
โ”œโ”€โ”€ Makefile                        # Automation: setup, seed, deploy, dev, docker, validate
โ”œโ”€โ”€ Dockerfile / docker-compose.yml # One-command local stack: Qdrant + seed + server
โ”œโ”€โ”€ pyproject.toml                  # Package metadata + optional dependency groups
โ”œโ”€โ”€ .env.example                    # Credential template - copy to .env
โ”œโ”€โ”€ SETUP.md                        # Full credential walkthrough
โ”œโ”€โ”€ CONTRIBUTING.md                 # Skill submission workflow + security policy
โ”œโ”€โ”€ THREAT_MODEL.md                 # 7 threat categories with mitigations
โ”œโ”€โ”€ TRANSPARENCY.md                 # Hosted instance trust model, SLA status, deployment boundaries
โ””โ”€โ”€ docs/                           # Architecture, versioning, calibration, and federation design