mcp-skills-vault
A deterministic registry + integrity scanner for MCP servers,
so installing one stops feeling like curl | bash.
Sister project to mcp-trace.
Install
# As a Claude Code skill
git clone https://github.com/froggychips/mcp-skills-vault.git
mkdir -p ~/.claude/skills
cp -r mcp-skills-vault/mcp-ecosystem-intelligence ~/.claude/skills/
# As a CLI (no Claude required)
node mcp-skills-vault/mcp-ecosystem-intelligence/scripts/orchestrate.cjs \
--cwd /path/to/projectZero runtime dependencies. Node built-ins only. One JSON file is the entire database.
What you get
- Curated DB — 112 entries across ~25 categories, all with pinned versions, SPDX licenses, and
trust: verified | candidate. 96 Core / 11 Recommended / 5 Experimental. - Supply-chain scanner — sha512 (npm), sha256 (PyPI), and
@sha256:(Docker) integrity pinning, re-verified against the live registry; 4 advisory feeds merged (npm bulk + OSV.dev + GHSA + Snyk) before the install command is written. - Audit installed setup —
audit_setup.cjsdiffs your installed servers against the DB and flags drift, untrusted entries, heavy-unbounded servers, and scope issues.
Latest release
v0.7.0 — 2026-05-22
audit_setup.cjs— diff installed MCP servers against the DB (#43)check_license_drift.cjs— flag MIT→BSL/SSPL relicensing (#46)detectStack: Swift/JVM/Ruby/PHP/.NET manifests + Jira/Atlassian env signals (#45)discover: MCP registry + PyPI candidate sources (#42)
Quick taste
$ node mcp-ecosystem-intelligence/scripts/orchestrate.cjs
Stack: Langs: Node | DB: postgres | Infra: aws, teamcity, atlassian
Needs: database, infra, ci-cd, pm
── Recommended ──────────────────────────────────────────────
Core mcp-server-neon 10 tools score 105
Core mcp-server-aws 20 tools score 105
Core mcp-server-filesystem 10 tools score 105
Recommended teamcity-mcp null tools score 65
── Heavy — scope before global install ──────────────────────
Experimental mcp-atlassian 72 tools ⚠ score 55
--toolsets jira,confluence