AgentSkillsHub

Search, audit, and install from 117K+ open-source AI agent skills & MCP servers โ€” every result carries a security grade (SAFE/CAUTION/UNSAFE/UNAUDITED) and quality score checked BEFORE installing. Local cached index, works offline, no auth. Install: npx -y @agentskillshub/mcp

Documentation

AgentSkillsHub MCP Server

๐ŸŒ Website ยท ๐Ÿ”Ž Browse Skills ยท ๐Ÿ›ก๏ธ Security Report ยท ๐Ÿข Enterprise

Search, audit, and install open-source AI agent skills & MCP servers from inside your agent โ€” Claude Code, Cursor, Cline, Cherry Studio, or any MCP client. Every result is security-graded and quality-scored by AgentSkillsHub, a directory of 100K+ skills. The trust signal comes before you install.

// add to your MCP client config
{
  "mcpServers": {
    "agentskillshub": {
      "command": "npx",
      "args": ["-y", "@agentskillshub/mcp"]
    }
  }
}

That's it โ€” no API key, no signup. The server downloads a static catalog index once (~1.7 MB, cached locally) and does all searching locally, so it's fast, works offline after the first run, and puts zero load on the Hub backend.

Why an MCP server

Discovering a skill is easy. Knowing whether it's safe to run against your credentials is not. This server puts search + a trust check right in the agent's tool loop:

need a capability โ†’ search_skills โ†’ audit_skill โ†’ get_skill_install โ†’ install

Your agent sees the security grade and estimated token cost of a skill before it picks one โ€” signals other directories don't give it.

Tools

ToolWhat it does
search_skillsFind skills by natural-language query + filters (category, platform, min_stars, min_quality, verified_only, max_security_risk, limit). Returns each result's security_grade and estimated_tokens.
audit_skillFree basic trust check for an owner/repo: security grade, plain-English verdict, quality score.
get_skill_installInstall commands for a runtime + a "check before you install" safety line. Returns instructions; it does not run anything.

Example

User: find me a safe way to query Postgres from Claude Code

The agent calls search_skills({ query: "query postgres", category: "mcp-server", max_security_risk: "safe" }) and gets back graded results:

call518/MCP-PostgreSQL-Ops   150โ˜…   ๐ŸŸข SAFE     quality 75/100
sgaunet/postgresql-mcp         6โ˜…   ๐ŸŸก CAUTION  ~17.2k tok

then audit_skill / get_skill_install before it installs anything.

Security grades

๐ŸŸข SAFE ยท ๐ŸŸก CAUTION ยท ๐Ÿ”ด UNSAFE ยท โ›” REJECT ยท โšช UNAUDITED

โšช UNAUDITED is not "probably fine" โ€” it means no one has audited it. The search_skills filter max_security_risk excludes un-audited skills, never silently treats them as safe.

We security-graded the whole catalog and wrote up what we found: We security-graded 117,854 AI agent skills.

Free vs. Pro

  • Free (this server): search_skills ยท audit_skill (basic) ยท get_skill_install, for any catalogued skill.
  • Pro / Enterprise: 5-dimension deep audit (code ยท credentials ยท vendor ยท supply-chain ยท operational), any GitHub URL (incl. <5โ˜… / private), CI/batch auditing, compliance evidence โ†’ https://agentskillshub.top/enterprise/

Env

VarDefault
AGENTSKILLSHUB_BASEhttps://agentskillshub.top
AGENTSKILLSHUB_CACHE~/.cache/agentskillshub (shared with the ash CLI)

Related

  • CLI: @agentskillshub/cli โ€” the same search/audit/install from your terminal (npx @agentskillshub/cli search "โ€ฆ").

MIT ยฉ AgentSkillsHub