AgentSkillsHub
Search, audit, and install from 117K+ open-source AI agent skills & MCP servers โ every result carries a security grade (SAFE/CAUTION/UNSAFE/UNAUDITED) and quality score checked BEFORE installing. Local cached index, works offline, no auth. Install: npx -y @agentskillshub/mcp
Documentation
AgentSkillsHub MCP Server
๐ Website ยท ๐ Browse Skills ยท ๐ก๏ธ Security Report ยท ๐ข Enterprise
Search, audit, and install open-source AI agent skills & MCP servers from inside your agent โ Claude Code, Cursor, Cline, Cherry Studio, or any MCP client. Every result is security-graded and quality-scored by AgentSkillsHub, a directory of 100K+ skills. The trust signal comes before you install.
// add to your MCP client config
{
"mcpServers": {
"agentskillshub": {
"command": "npx",
"args": ["-y", "@agentskillshub/mcp"]
}
}
}
That's it โ no API key, no signup. The server downloads a static catalog index once (~1.7 MB, cached locally) and does all searching locally, so it's fast, works offline after the first run, and puts zero load on the Hub backend.
Why an MCP server
Discovering a skill is easy. Knowing whether it's safe to run against your credentials is not. This server puts search + a trust check right in the agent's tool loop:
need a capability โ search_skills โ audit_skill โ get_skill_install โ install
Your agent sees the security grade and estimated token cost of a skill before it picks one โ signals other directories don't give it.
Tools
| Tool | What it does |
|---|---|
search_skills | Find skills by natural-language query + filters (category, platform, min_stars, min_quality, verified_only, max_security_risk, limit). Returns each result's security_grade and estimated_tokens. |
audit_skill | Free basic trust check for an owner/repo: security grade, plain-English verdict, quality score. |
get_skill_install | Install commands for a runtime + a "check before you install" safety line. Returns instructions; it does not run anything. |
Example
User: find me a safe way to query Postgres from Claude Code
The agent calls search_skills({ query: "query postgres", category: "mcp-server", max_security_risk: "safe" }) and gets back graded results:
call518/MCP-PostgreSQL-Ops 150โ
๐ข SAFE quality 75/100
sgaunet/postgresql-mcp 6โ
๐ก CAUTION ~17.2k tok
then audit_skill / get_skill_install before it installs anything.
Security grades
๐ข SAFE ยท ๐ก CAUTION ยท ๐ด UNSAFE ยท โ REJECT ยท โช UNAUDITED
โช UNAUDITED is not "probably fine" โ it means no one has audited it. The search_skills filter max_security_risk excludes un-audited skills, never silently treats them as safe.
We security-graded the whole catalog and wrote up what we found: We security-graded 117,854 AI agent skills.
Free vs. Pro
- Free (this server):
search_skillsยทaudit_skill(basic) ยทget_skill_install, for any catalogued skill. - Pro / Enterprise: 5-dimension deep audit (code ยท credentials ยท vendor ยท supply-chain ยท operational), any GitHub URL (incl. <5โ / private), CI/batch auditing, compliance evidence โ https://agentskillshub.top/enterprise/
Env
| Var | Default |
|---|---|
AGENTSKILLSHUB_BASE | https://agentskillshub.top |
AGENTSKILLSHUB_CACHE | ~/.cache/agentskillshub (shared with the ash CLI) |
Related
- CLI:
@agentskillshub/cliโ the same search/audit/install from your terminal (npx @agentskillshub/cli search "โฆ").
MIT ยฉ AgentSkillsHub