mcp-skills-vault

A deterministic registry + integrity scanner for MCP servers, so installing one stops feeling like curl | bash. Sister project to mcp-trace.

Install

# One-line — no clone, no global install
npx -y @froggychips/mcp-vault scan --cwd ./my-project    # what to install for this stack
npx -y @froggychips/mcp-vault list                       # all 114 servers in the DB
npx -y @froggychips/mcp-vault audit --strict             # diff installed vs DB
npx -y @froggychips/mcp-vault verify --offline           # true offline DB-pin gate
npx -y @froggychips/mcp-vault doctor                     # local readiness check

# Prefer it on PATH? Drop the npx prefix after this.
npm i -g @froggychips/mcp-vault

# As a Claude Code skill (optional)
git clone https://github.com/froggychips/mcp-skills-vault.git
mkdir -p ~/.claude/skills
cp -r mcp-skills-vault/mcp-ecosystem-intelligence ~/.claude/skills/

Zero runtime dependencies. Node built-ins only. One JSON file is the entire database.

What you get

What this does NOT do

Latest release

v0.12.0 — 2026-06-20

Full release notes →

v0.11.0 — 2026-06-20

Full release notes →

v0.10.0 — 2026-05-24

Full release notes →

Quick taste

$ npx -y @froggychips/mcp-vault scan
Stack: Langs: Node | DB: postgres | Infra: aws, teamcity, atlassian
Needs: database, infra, ci-cd, pm

── Recommended ──────────────────────────────────────────────
  Core         mcp-server-neon            10 tools  score 105
  Core         mcp-server-aws             20 tools  score 105
  Core         mcp-server-filesystem      10 tools  score 105
  Recommended  teamcity-mcp              null tools  score  65

── Heavy — scope before global install ──────────────────────
  Experimental mcp-atlassian             72 tools ⚠  score  55
                 --toolsets jira,confluence

JSON output snippets

Every user-facing command has --json for scripts and Claude Code skills.

$ mcp-vault scan --cwd ./project --json
{
  "stack": {
    "langs": ["Python"],
    "dbs": ["postgres", "redis"],
    "infra": ["kubernetes", "teamcity", "atlassian"]
  },
  "recommended": [
    { "name": "mcp-server-neon", "classification": "Core", "health_score": 105 },
    { "name": "teamcity-mcp", "classification": "Recommended", "health_score": 65 }
  ],
  "heavy": [
    { "name": "mcp-atlassian", "est_tools_count": 72 }
  ]
}
$ mcp-vault audit --json
{
  "counts": { "drift": 1, "untrusted": 0, "heavy-unbounded": 1 },
  "findings": [
    {
      "category": "heavy-unbounded",
      "server": "github",
      "message": "100 tools and no --toolsets / allowedTools scope"
    }
  ]
}

Browse the registry

The public registry page is generated directly from tools_database.json and includes category, tier, trust, license, score, tool count, and install command.

Open registry →