nsheaps/mcpc-apify
plugins/mcp-tooling/skills/mcpc-apify/SKILL.md
Use this skill when working with Apify's mcpc — a universal CLI client for MCP with persistent sessions, OAuth authentication, and interactive shell mode. Use when the user asks about connecting to remote MCP servers, managing MCP sessions, authenticating with OAuth for MCP, or using Apify's MCP platform. Also use when comparing MCP CLI tools or needing persistent named sessions.
$ install --global
skillsauthnpx skillsauth add nsheaps/ai-mktpl mcpc-apifyInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 24, 2026, 8:36 PM0.5s1 file scanned
SKILL.md
- name:
- mcpc-apify
- description:
- >
mcpc (Apify MCP CLI Client)
Repository: https://github.com/apify/mcp-cli
Package: @apify/mcpc
A universal CLI client for MCP with persistent sessions, OAuth 2.1 authentication, and interactive shell mode. Configure once, reuse across multiple AI coding agents and environments.
Installation
# Via npm
npm install -g @apify/mcpc
# Via Bun
bun install -g @apify/mcpc
On Linux, uses the Secret Service API for secure credential storage with automatic fallback to file-based storage on headless systems.
Core Concepts
Named Sessions
mcpc maintains persistent named sessions — long-lived connections to MCP servers that survive across commands:
# Create a persistent session
mcpc connect mcp.apify.com @apify
# Use the session for any command
mcpc @apify tools-list
mcpc @apify tools-call search-actors keywords:="web scraper"
# List all active sessions
mcpc
# Close/restart a session
mcpc @apify close
mcpc @apify restart
Authentication
# Interactive OAuth 2.1 login (tokens stored in OS keychain)
mcpc login mcp.apify.com
# Logout
mcpc logout mcp.apify.com
# Use specific auth profile
mcpc --profile my-profile @session tools-list
Commands
Tools
# List available tools
mcpc @session tools-list
# Get tool details
mcpc @session tools-get <tool-name>
# Call a tool with typed arguments (key:=value syntax)
mcpc @session tools-call search-actors keywords:="website crawler" count:=10
Arguments use key:=value syntax with automatic JSON type parsing.
Resources and Prompts
# Resources
mcpc @session resources-list
mcpc @session resources-read <uri>
# Prompts
mcpc @session prompts-list
mcpc @session prompts-get <prompt-name> arg1:=value1
Discovery and Exploration
# Search across tools, resources, prompts
mcpc grep <pattern>
# Interactive shell mode
mcpc @session shell
Output Modes
# JSON output for scripting
mcpc --json @session tools-list
mcpc --json @session tools-call tool-name arg:=value | jq '.result'
# Default: human-readable with colors
mcpc @session tools-list
Configuration
Storage Locations
- Session metadata:
~/.mcpc/sessions.json - Auth tokens: OS keychain (fallback:
~/.mcpc/credentialsmode 0600)
Server Configuration Examples
{
"mcpServers": {
"apify": {
"url": "https://mcp.apify.com"
}
}
}
With bearer token:
{
"mcpServers": {
"apify": {
"url": "https://mcp.apify.com",
"headers": {
"Authorization": "Bearer <APIFY_TOKEN>"
}
}
}
}
Custom Tool Selection
# Via URL parameters
# https://mcp.apify.com?tools=actors,docs,apify/rag-web-browser
# Via CLI
npx @apify/actors-mcp-server --tools actors,docs,apify/web-scraper
Key Differences from philschmid/mcp-cli
| Feature | mcpc (Apify) | mcp-cli (philschmid) |
| ---------------- | ---------------------------- | -------------------------- |
| Sessions | Persistent named sessions | Stateless per-command |
| Authentication | Full OAuth 2.1 + keychain | Environment variables only |
| Transport | Streamable HTTP + stdio | stdio + HTTP |
| Interactive mode | Shell mode (mcpc @s shell) | No interactive mode |
| Connection model | Session-based (connect once) | Per-invocation |
| Runtime | Node.js | Bun |
Practical Workflow
# 1. Connect and authenticate
mcpc connect https://mcp.apify.com @apify
mcpc login https://mcp.apify.com
# 2. Discover tools
mcpc @apify tools-list
# 3. Call tools
mcpc @apify tools-call search-actors keywords:="web scraper" count:=10
# 4. Script with JSON output
mcpc --json @apify tools-list | jq '.tools[] | .name'
# 5. Manage session
mcpc @apify close
Related Skills
nsheaps/github-app-session-env
tools
VerifiedTrustedCommunity
Manually reproduce what the github-app plugin's SessionStart hook does to make a GitHub App installation token usable in the current session — materialize the PEM, generate the token, isolate GH_CONFIG_DIR, write the runtime env file, and wire CLAUDE_ENV_FILE so every Bash call sees GH_TOKEN/GITHUB_TOKEN. Use when the hook did not run, the token is missing from the environment, or a shell/teammate needs the token wired up by hand. <example>GH_TOKEN isn't set even though github-app is configured</example> <example>the github-app SessionStart hook didn't run, set up the token manually</example> <example>wire the github app token into CLAUDE_ENV_FILE</example> <example>gh keeps falling back to the wrong account, isolate GH_CONFIG_DIR</example>
3SKILL.mdUpdated Jun 9, 2026
nsheaps/github-app-git-identity
tools
VerifiedTrustedCommunity
Manually configure the GitHub App bot git identity the way the github-app plugin's SessionStart hook does — resolve the app slug and bot user ID, build the <slug>[bot] name and noreply email, set GIT_AUTHOR_*/GIT_COMMITTER_* env vars, and write an isolated GIT_CONFIG_GLOBAL with the gh auth git-credential helper. Use when commits are attributed to the wrong account, "Author identity unknown" appears, or git identity must be set up by hand. <example>my commits are showing up as the handler, not the bot</example> <example>git says Author identity unknown after the github-app hook ran</example> <example>configure the github app bot git identity manually</example> <example>set up the gh credential helper for git push</example>
3SKILL.mdUpdated Jun 9, 2026
nsheaps/spec-management
tools
VerifiedTrustedCommunity
Manages spec files for requirements capture and validation
3SKILL.mdUpdated Jun 7, 2026
nsheaps/plugins/bash-command-rejection/skills/bash-chaining-alternatives
tools
VerifiedTrustedCommunity
# Bash Chaining Alternatives This skill teaches you how to work around the bash command chaining restriction enforced by this plugin. ## Why Chaining is Blocked The `bash-command-rejection` plugin blocks these operators: | Operator | Name | Why Blocked | | -------- | ---------- | ----------------------------------------------------------------------------------- | | `&&` | AND chain | Runs cmd2 only if cmd1 su
3SKILL.mdUpdated Jun 7, 2026