Glowboth/skillsync-mcp
/SKILL.md
# SkillSync MCP — Security-Gated Skill Manager Search, scan, install, and manage Claude Code skills with built-in security scanning. Every installation is gated behind a 60+ pattern threat scan. ## Tools - `skillsmp_search` — Search the SkillsMP marketplace by keyword - `skillsmp_ai_search` — AI-powered semantic search for skills - `skillsmp_scan_skill` — Security scan any GitHub skill repo - `skillsmp_search_safe` — Search + auto-scan top results in one step - `skillsmp_install_skill` — Scan
tools
Updated Apr 18, 2026
$ install --global
skillsauthnpx skillsauth add Glowboth/skillsync-mcp skillsync-mcpInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 18, 2026, 7:34 AM14.6s28 files scanned
SKILL.md
SkillSync MCP — Security-Gated Skill Manager
Search, scan, install, and manage Claude Code skills with built-in security scanning. Every installation is gated behind a 60+ pattern threat scan.
Tools
skillsmp_search— Search the SkillsMP marketplace by keywordskillsmp_ai_search— AI-powered semantic search for skillsskillsmp_scan_skill— Security scan any GitHub skill reposkillsmp_search_safe— Search + auto-scan top results in one stepskillsmp_install_skill— Scan, gate, and install a skill to~/.claude/skills/skillsmp_uninstall_skill— Remove an installed skillskillsmp_list_installed— List installed skills with risk levelsskillsmp_audit_installed— Deep security audit of an installed skill
Setup
Add to your MCP client config:
{
"mcpServers": {
"skillsmp": {
"command": "npx",
"args": ["-y", "@stranzwersweb2/skillsync-mcp"]
}
}
}
When to Use
- User asks to find, search, or browse skills
- User wants to install a skill from GitHub
- User wants to check if a skill is safe before installing
- User wants to see what skills are installed or audit them
- User mentions SkillsMP marketplace
Security
Critical threats (prompt injection, RCE, credential theft) permanently block installation. Medium/high risk requires explicit force: true. All output is sanitized against prompt injection.
Related Skills
openclaw/taskflow
tools
VerifiedTrustedCommunity
Use when work should span one or more detached tasks but still behave like one job with a single owner context. TaskFlow is the durable flow substrate under authoring layers like Lobster, ACPX, plugins, or plain code. Keep conditional logic in the caller; use TaskFlow for flow identity, child-task linkage, waiting state, revision-checked mutations, and user-facing emergence.
357,764SKILL.mdUpdated Apr 10, 2026
openclaw/extensions/lobster
tools
VerifiedTrustedCommunity
# Lobster Lobster executes multi-step workflows with approval checkpoints. Use it when: - User wants a repeatable automation (triage, monitor, sync) - Actions need human approval before executing (send, post, delete) - Multiple tool calls should run as one deterministic operation ## When to use Lobster | User intent | Use Lobster? | | ------------------------------------------------------ | --------------------------
357,764SKILL.mdUpdated Apr 10, 2026
steipete/extensions/lobster
tools
VerifiedTrustedCommunity
# Lobster Lobster executes multi-step workflows with approval checkpoints. Use it when: - User wants a repeatable automation (triage, monitor, sync) - Actions need human approval before executing (send, post, delete) - Multiple tool calls should run as one deterministic operation ## When to use Lobster | User intent | Use Lobster? | | ------------------------------------------------------ | --------------------------
357,588SKILL.mdUpdated Apr 13, 2026
steipete/xurl
tools
VerifiedTrustedCommunity
A CLI tool for making authenticated requests to the X (Twitter) API. Use this skill when you need to post tweets, reply, quote, search, read posts, manage followers, send DMs, upload media, or interact with any X API v2 endpoint.
356,423SKILL.mdUpdated Apr 13, 2026