Right now SkillSpector only runs as a CLI that a human invokes. But the call it makes — "is this skill safe?" — is most useful at the moment an agent is about to install a skill or MCP server, not after the fact.
A couple of open issues are really asking for this already: #33 wants to call the inspector from inside a skill, and #34 wants to embed it in a package registry. Both need something other than a human to run a scan and act on the result.
So I'd like to add an MCP server (skillspector mcp) that wraps the existing graph and exposes one tool:
scan_skill(target, use_llm=...) — returns the same verdict the CLI already produces (score, severity, findings) for a repo / URL / zip / dir / file.
Then any MCP client (Claude Code, Codex, Gemini) or a remote A2A runtime can call it and gate the install on the result. I'd support both stdio and HTTP.
One thing I'd want to get right: when the LLM pass can't run, the result should say so explicitly instead of quietly degrading to static-only (related: #3, #4, #9). An agent acting on the score shouldn't assume it got a full scan when it didn't.
Before I send a PR, a few questions:
- Upstream, or would you rather this lived as a separate package?
- skillspector mcp subcommand, or a separate entry point?
- mcp as an optional extra (pip install "skillspector[mcp]") so the core deps stay light — ok?
- Just scan_skill, or do you want finer-grained tools too?
Happy to implement it with tests and docs.
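
The gating concern raised in the post, as an added example that is not part of the original issue or of SkillSpector's code: a client-side install gate that refuses to treat a static-only result as a full scan. The `llm` block, the severity labels and every function name here are assumptions; the post only names score, severity and findings.

```python
from dataclasses import dataclass

# Assumed labels and ordering; the post does not list SkillSpector's severities.
SEVERITY_ORDER = ["none", "low", "medium", "high", "critical"]

# Constructed sample results. Only "score", "severity" and "findings" are named
# in the post; the "llm" block is a hypothetical way to report coverage.
FULL_SCAN = {"score": 5, "severity": "low", "findings": [],
             "llm": {"ran": True, "error": None}}
STATIC_ONLY = {"score": 5, "severity": "low", "findings": [],
               "llm": {"ran": False, "error": "no API key configured"}}


@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str


def gate_install(result, max_severity="low", require_llm=True):
    """Return a Decision for a scan_skill-style result dict, failing closed."""
    severity = result.get("severity")
    if severity not in SEVERITY_ORDER:
        return Decision(False, f"unrecognised severity {severity!r}")
    llm = result.get("llm")
    # A result that does not say whether the LLM pass ran is treated as
    # unknown coverage, never as a full scan.
    if not isinstance(llm, dict) or not isinstance(llm.get("ran"), bool):
        return Decision(False, "result does not state whether the LLM pass ran")
    if SEVERITY_ORDER.index(severity) > SEVERITY_ORDER.index(max_severity):
        return Decision(False, f"severity {severity} exceeds {max_severity}")
    if not llm["ran"]:
        why = llm.get("error") or "no reason given"
        if require_llm:
            return Decision(False, f"static-only scan, LLM pass did not run: {why}")
        return Decision(True, f"static-only scan accepted by policy: {why}")
    return Decision(True, "full scan within threshold")


if __name__ == "__main__":
    for name, res in (("full", FULL_SCAN), ("static-only", STATIC_ONLY)):
        print(name, gate_install(res))
```
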