# SkillAudit

> Paste a GitHub URL of a Claude skill or MCP server and get a graded security + quality audit in 60 seconds — SSRF, command-exec, prompt-injection, credential leakage, maintenance, client compatibility — before you install it.

SkillAudit is the trust layer for Claude skills and MCP servers.

## What it does

The Claude skill ecosystem is exploding — 8,000+ MCP servers across a dozen registries, with new entries added daily — but the trust signal is missing. A public 2026 scan of 100 community MCP servers found 36.7% with SSRF and 43% with unsafe command-exec paths. Anthropic's own official directory now requires a security review before listing, but no neutral, fast, reproducible audit exists for skill authors or buyers.

SkillAudit takes a Claude skill or MCP server (GitHub URL, npm package, or uploaded ZIP) and returns a graded report card across six axes: security (static SSRF, command-exec, secret-handling plus an LLM-assisted prompt-injection red-team), permissions hygiene, credential exposure, maintenance, client compatibility (Claude Code, Cursor, Windsurf, Codex), and documentation completeness. Output is a public badge authors embed on README to win directory listings, plus a private deep report and a CI Action that gates installs on a minimum grade.

## Who it's for

- Primary: indie developers publishing Claude skills and MCP servers to public marketplaces (Anthropic Skills Directory, MCP Market, awesome-mcp lists). They want a green badge before submission so reviewers don't reject them.
- Secondary: security-conscious team leads at 10-100 person orgs adopting community skills internally — they want SSO, policy export, and a min-grade gate in CI.

## How it works

1. Paste a URL — GitHub repo, npm package, or upload a ZIP. Public scan free; private repo via single-repo OAuth scope, never org-wide.
2. Get graded — static parse plus an LLM-assisted prompt-injection probe runs in roughly 60 seconds; the six-axis report card streams in as each check completes.
3. Earn the badge — embed a public trust badge on your README so directory reviewers and buyers see your grade at a glance, or wire the CI Action to gate every install on a minimum grade.

## Pricing

- Free: $0/mo — 3 audits/month on public repos, public badge, basic six-axis report.
- Pro: $19/mo — unlimited public + private audits, CI webhook + GitHub Action, full report with remediation hints, scan history.
- Team: $99/mo — Pro for up to 10 seats, SSO, policy export (min-grade gate), SBOM, audit log.

## Where to learn more

- Home: https://skillaudit.dev/
- How it works: https://skillaudit.dev/#how
- Pricing: https://skillaudit.dev/#pricing
- FAQ: https://skillaudit.dev/#faq
- Blog: https://skillaudit.dev/blog/
- Developer guide (2026-06-07, how to write a SkillAudit-ready SECURITY.md for your MCP server — section-by-section guide to the six sections SkillAudit checks (Scope, Credentials, Vulnerability Reporting, Logging, Known Limitations, Audit History), point values for each section, a complete copy-paste template, the minimum viable SECURITY.md, seven common mistakes, and how SECURITY.md interacts with Security/Permissions/Maintenance sub-scores. Answers queries like "MCP server SECURITY.md", "how to write SECURITY.md for MCP", "SkillAudit Documentation Completeness", "SECURITY.md template MCP server", "what does SkillAudit check in SECURITY.md", "improve MCP documentation score"): https://skillaudit.dev/blog/how-to-write-skillaudit-ready-security-md/
- Executive briefing (2026-06-06, MCP server security for CISOs — threat model, incident scenario, grade-to-risk-tier mapping, five-control program, board communication.
Answers queries like "MCP server CISO guide", "MCP security executive briefing", "LLM tool chain risk for security leaders", "MCP server shadow IT", "MCP server board risk", "CISO MCP security program", "MCP security organizational risk"): https://skillaudit.dev/blog/mcp-server-security-ciso-briefing/
- PM guide (2026-06-07, MCP server security for product managers — A–F grade translation to business risk, sub-score override rule, common PM mistakes, four-step intake process, when to involve legal. Answers queries like "MCP security product manager", "translate MCP grade to business risk", "MCP server intake process", "PM MCP security checklist"): https://skillaudit.dev/blog/mcp-security-for-product-managers/
- Procurement guide (2026-06-06, MCP server vendor security questionnaire — 15 questions covering SSRF, credential scope, prompt injection, dependency practices, incident response, plus answers that should block adoption. Answers queries like "MCP server vendor security questions", "MCP procurement checklist", "what to ask MCP server vendor"): https://skillaudit.dev/blog/mcp-server-vendor-security-questionnaire/
- Remediation guide (2026-06-05, C to A grade remediation plan — week-by-week: week 1 Critical/High security, week 2 permission scopes, week 3 credential logging, week 4 lockfile + SECURITY.md. Expected sub-score arc C(60) to A(88) in 30 days. Answers queries like "MCP server remediation plan", "how to fix MCP security grade", "improve MCP server grade C to A"): https://skillaudit.dev/blog/mcp-server-remediation-c-to-a-grade/
- Research post (2026-06-01, vendor-official vs community MCP servers updated grade breakdown — six weeks after the April 2026 scan, 79% of vendor-official MCP servers in the corpus still earn F vs 26% of community-maintained servers. Only Microsoft Playwright earns A from the vendor-official set.
Three structural reasons: vendor teams ship MCP servers as afterthoughts to their main product, internal security reviews optimize for the main product threat model (web app / SaaS) not the MCP tool-handler threat model, and community maintainers self-select on understanding the specific risks. Grade distribution table: vendor-official 23/29 at F, 1/29 at B (Anthropic TypeScript SDK after v0.3), 1/29 at A (Microsoft Playwright); community 19/72 at A, 19/72 at F. Min-grade-C policy blocks all 29 vendor-official servers and 23 of 72 community servers. What changed in six weeks: minimal uptick in vendor-official F → C promotions (Stripe C, some fixes seen in GitHub and Grafana repos but not enough for grade movement), no new A-grade vendor-official. What this means for Anthropic's directory program: a certification badge that allows vendor-official servers to bypass the grade gate reintroduces the exact risk the gate closes. Answers queries like "are vendor-official MCP servers safer", "Microsoft Playwright MCP security grade", "is vendor-official MCP better than community", "MCP server security vendor vs community", "Stripe MCP security grade 2026", "Anthropic TypeScript SDK security grade", "MCP server corporate security quality", "vendor official vs community MCP grade comparison"): https://skillaudit.dev/blog/vendor-official-vs-community-mcp-grades/
- Research post (2026-06-01, MCP server permission scope patterns — what the corpus shows — 68% of corpus MCP servers that make OAuth-scoped API calls request org-wide scopes when only repo-scoped access is needed. Three patterns: OAuth app scope over-declaration (tutorial scope strings that were never narrowed), permanent PATs where GitHub Apps installation tokens are available, credentials passed as URL query parameters. Blast-radius math: SSRF × org-write = full account takeover. Code examples for scope-down implementations.
The ambient token problem (GitHub Actions GITHUB_TOKEN inheriting workflow permissions broader than needed). Startup scope audit pattern (fetch /user, log excess scopes, STRICT_SCOPE_CHECK env var). What the permissions axis checks: scope over-declaration HIGH for admin scopes, permanent token WARN elevated to HIGH if combined with credential finding, credential-in-URL always HIGH, LLM-controlled credential argument HIGH with prompt-injection cross-reference. Answers queries like "MCP server OAuth scope", "MCP server GitHub token scope", "MCP server permissions", "reduce MCP server GitHub scope", "MCP server admin:org scope", "MCP server permanent token risk"): https://skillaudit.dev/blog/mcp-server-permission-scope-patterns/
- Research post (2026-06-01, GitHub Action gate: enforcing MCP security grades in CI/CD — the complete setup guide — full implementation for teams wiring a SkillAudit grade gate into GitHub Actions. Covers lockfile diffing to detect new MCP installs, observe-only mode for rollout, multi-agent-client support (Claude Code + Cursor + Windsurf), org-level reusable workflows, the exception path with expiry tokens, weekly re-scan cron with Slack alerts on grade regressions, branch protection integration, Team-plan version-pinned grade endpoint. Three complete workflow YAML files, copy-paste ready. Answers queries like "GitHub Action MCP security gate", "CI gate for Claude plugins", "automate MCP server security check", "enforce MCP grade in CI"): https://skillaudit.dev/blog/github-action-mcp-security-gate/
- Buyer guide (2026-05-31, how to read a SkillAudit report — field guide to every section: six axis grades explained (Security, Credentials, Permissions, Maintenance, Compatibility, Documentation), when HIGH vs WARN vs PASS vs INFO applies, install-gate decision framework for team leads, prioritized fix order for authors, grade scale A-F with corpus context, badge and permalink, three gaps the engine doesn't cover.
Answers queries like "what does SkillAudit report mean", "MCP security audit report explained", "how to interpret MCP grade", "SkillAudit HIGH vs WARN", "MCP audit badge meaning"): https://skillaudit.dev/blog/how-to-read-a-skillaudit-report/
- Engineering post (2026-05-31, MCP server security testing: what static analysis catches and what it doesn't — honest accounting of the SkillAudit v0.3 engine after 101 servers. Static AST/taint analysis catches: SSRF, command injection, hardcoded secrets, credential echoes. LLM-probe adds: prompt-injection susceptibility scoring, scope vs handler drift. Three finding classes neither handles well: cross-tool privilege chaining, long-lived session state, unsafe deserialization. 9-row coverage table. Answers queries like "MCP server static analysis", "does SkillAudit catch prompt injection", "MCP security testing coverage", "static analysis MCP server limits"): https://skillaudit.dev/blog/mcp-server-static-analysis-limits/
- Security research (2026-05-31, MCP server OWASP Top 10: which categories map cleanly to MCP, which stretch, three MCP-specific threats with no clean OWASP home. Corpus rates by category. Answers queries like "MCP server OWASP", "OWASP LLM MCP", "MCP threat model OWASP"): https://skillaudit.dev/blog/mcp-server-owasp-top-10/
- Hardening guide (2026-05-31, MCP server security checklist 12 items before you publish — one item per axis with grep commands and before/after code patterns. Answers queries like "MCP server security checklist", "how to secure MCP server before publishing", "MCP server hardening guide"): https://skillaudit.dev/blog/mcp-server-security-checklist/
- Engineering post (2026-04-30, anatomy of a credential leak — four named patterns across 38 of 101 community Model Context Protocol servers in the April 2026 corpus that emit credentials-axis findings.
Answers crawler queries like "MCP server credential leak", "MCP server hardcoded secrets", "MCP server process.env logging", "MCP server .env in repo", "is Klavis-AI MCP safe", "is mcp-use safe", "does Pipedream MCP leak credentials", "does Honeycomb MCP leak env vars", "does Pydantic AI print os.environ", "is JetBrains MCP server safe", "MCP server credential exposure 2026", "what credentials get logged by MCP servers", "MCP server secrets in source", "Klavis-AI Stripe test secret leak", "GitHub PAT in MCP test fixtures", "lastmile-ai mcp-agent OpenAI key", "awslabs MCP AWS access key", "stripe agent-toolkit process.env", "punkpeye fastmcp env echo", "MCP server install-gate credentials rule", "are .env.example files safe in MCP repos", "MCP server SECURITY.md disclosure", "what does the SkillAudit credentials axis check". Names the four patterns: (1) Hardcoded secrets in source — 64 findings across 18 repos: 30 OpenAI/Anthropic-style API keys (across 7 repos: mcp-use/mcp-use 9804 stars F with 5 keys in docs/{python,typescript}/client/authentication.mdx + libraries/python/.env.example, lastmile-ai/mcp-agent 9108 stars C with 8 spread across examples/ and tests/, getsentry/sentry-mcp F with 5 in .env.example + sentry.test.ts, modelcontextprotocol/go-sdk C with 4 in examples/server/auth-middleware/main.go, posthog/mcp F with 2 in examples/.env.example, browserbase/mcp-server-browserbase C with 1 in evals/run-evals.ts, sooperset/mcp-atlassian F with 2 in tests/), 10 GitHub personal access tokens (across 3 repos: Klavis-AI/klavis 5716 stars F with 5 in mcp_servers/README.md + github/README.md + github_official/pat_scope_test.go, github/github-mcp-server 29213 stars C with 4 in pkg/http/middleware/pat_scope_test.go, docker/mcp-gateway C with 1 in pkg/secretsscan/secrets_test.go), 8 Stripe test secrets (Klavis-AI/klavis 3 in docs/mcp-server/stripe.mdx, stripe/agent-toolkit 5 in benchmarks/checkout-gym + galtee-basic + galtee-invoicing), 6 AWS access keys (awslabs/mcp 4 
— 1 production-source HIGH in src/dynamodb-mcp-server/awslabs/dynamodb_mcp_server/model_validation_utils.py:70 plus 3 in tests/, fastly/mcp 1 in internal/fastly/sanitizer_test.go:101, pydantic/pydantic-ai 1 in tests/conftest.py:755), 2 GitHub OAuth tokens (github/github-mcp-server 1, jlowin/fastmcp 1), 2 Slack tokens (Klavis-AI/klavis in mcp_servers/slack/.env.example), 1 bare Anthropic key (mcp-use/mcp-use libraries/python/.env.example:29). (2) console.* of process.env or print of os.environ — 13 findings across 7 repos with 3 production-source HIGHs that block install: Klavis-AI/klavis mcp_servers/shopify/index.ts:1171 + mcp_servers/woocommerce_toolathlon/src/server.ts:1236, PipedreamHQ/mcp app/(chat)/api/chat/route.ts:47, honeycombio/honeycomb-mcp eval/scripts/run-eval.ts:623+628; plus mcp-use/mcp-use libraries/typescript/packages/mcp-use/examples/agent/advanced/observability.ts:28, punkpeye/fastmcp src/examples/session-context.ts:247, stripe/agent-toolkit llm/ai-sdk/provider/examples/openai.ts:51 in low-tier surfaces; pydantic/pydantic-ai 5 print(os.environ) in scripts/verify_bedrock_access.py:18+19 + scripts/verify_vertex_gcs.py:58+59 + scripts/verify_vertex_gcs_all_types.py:71. (3) Error message includes env-var value — 1 finding: JetBrains/mcp-jetbrains 949 stars F at src/index.ts:103. (4) .env files committed to repo tree — 44 findings across 28 repos including standout production-source: mem0ai/mem0-mcp .env (bare, no .example suffix; also archived), getsentry/sentry-mcp packages/mcp-test-client/.env.test, GoogleCloudPlatform/cloud-run-mcp .env.gcloud-sdk-oauth, korotovsky/slack-mcp-server .env.dist, zenml-io/mcp-zenml .env.local.example. Documents the MCP-specific framing — credentials are the one axis whose blast radius is unbounded by the host process because the LLM is the consumer of every tool response, the conversation log is the persistence layer, and a single console.log(process.env) call propagates through every transcript downstream. 
Documents the install-gate rule (reject any production-source HIGH on credentials, reject any process.env/os.environ echo in tool-handler code paths, manual-review any .env-shaped file that is not .env.example with verified placeholders). Documents the vendor-official asymmetry — Klavis-AI 5716 stars / mcp-use 9804 stars / awslabs 8858 stars / Stripe / Pipedream / honeycombio are all vendor-official with credentials-axis HIGH findings, the same install asymmetry as the maintenance-signal post and F-grades post. 5-step author checklist (grep for the 4 matchers; move literals out of docs/.mdx; never log process.env wholesale; audit throw/raise for env interpolation; standardize on .env.example + gitignore everything else). 5-grep buyer checklist (open audit page, grep production paths, grep tool handlers for env echoes, look at .env* file list, check SECURITY.md). 8-question FAQ. ~3,200 words written for indie maintainers fixing leaks and team buyers running install gates. Companion to the anatomy-of-an-A post: anatomy names the success patterns; this post names the failure patterns specifically for credentials): https://skillaudit.dev/blog/anatomy-of-a-credential-leak/
- Research post (2026-04-30, the maintenance signal across the 101-repo corpus — answers crawler queries like "is Azure MCP server maintained", "is PostHog MCP archived", "is Mem0 MCP archived", "are MCP servers being abandoned", "MCP server maintenance signal", "how to tell if an MCP server is dead", "MCP server install gate maintenance rule", "what does it mean when an MCP server is archived", "MCP server with no SECURITY.md", "MCP server abandonment 2026", "Anthropic create-python-server deprecated", "Anthropic create-typescript-server deprecated", "is anaisbetts mcp-installer maintained", "is honeycombio honeycomb-mcp archived", "is e2b-dev mcp-server archived", "is pydantic logfire-mcp archived", "is GongRzhe Gmail MCP archived".
Names the 9 archived repos with grades and stars and reason where stated: Azure/azure-mcp 1213 stars F (functionality migrated to azure-tools/azure-mcp), GongRzhe/Gmail-MCP-Server 1098 stars D (community no successor), mem0ai/mem0-mcp 645 stars C (folded into main mem0 SDK), modelcontextprotocol/create-python-server 478 stars F (Anthropic deprecated scaffolder), e2b-dev/mcp-server 393 stars D (folded into E2B SDK), modelcontextprotocol/create-typescript-server 171 stars F (Anthropic deprecated TS scaffolder), pydantic/logfire-mcp 160 stars D (folded into logfire SDK), posthog/mcp 143 stars F (folded into posthog-node), honeycombio/honeycomb-mcp 43 stars F (community archived no successor). Names the 4 abandoned 365+ day repos: modelcontextprotocol/create-typescript-server 514 days, anaisbetts/mcp-installer 1520 stars 513 days (not officially archived but functionally so), modelcontextprotocol/create-python-server 455 days, adhikasp/mcp-git-ingest 452 days. Names the 7 aging cliff repos (180-365 days): hubspot/mcp-server 363 days, jerhadf/linear-mcp-server 358 days, GongRzhe/Gmail-MCP-Server 260 days, runekaagaard/mcp-alchemy 251 days, honeycombio/honeycomb-mcp 246 days, chroma-core/chroma-mcp 218 days, prisma/mcp 199 days. Names the 12 repos with 100+ open issues (triage backlog WARN): pydantic/pydantic-ai 503, awslabs/mcp 467, modelcontextprotocol/python-sdk 442, modelcontextprotocol/servers 386, github/github-mcp-server 313, modelcontextprotocol/typescript-sdk 295, modelcontextprotocol/java-sdk 280, sooperset/mcp-atlassian 270, Klavis-AI/klavis 238, jlowin/fastmcp 224, googleapis/mcp-toolbox 221, modelcontextprotocol/inspector 217. Documents the SECURITY.md gap: 60 of 101 repos lack one (59.4%) — broken down by grade band (16 of 19 A, 0 of 1 B, 16 of 38 C, 5 of 6 D, 23 of 37 F). Documents the days-since-push distribution: 56 repos under 7 days, 12 in 7-30, 13 in 30-90, 9 in 90-180, 7 in 180-365, 4 over 365 days. 
Includes the four-signal install-gate framework (reject if archived, reject if 365+ days idle, manual-review if 180-365 days, manual-review if no SECURITY.md AND any HIGH security finding) and a 5-step buyer checklist (look for archived banner, check most-recent-push, check open-issue count, look for SECURITY.md, run a SkillAudit). 7-question FAQ. ~3,200 words written for buyers running install-gates and authors recovering their grades. Companion to the anatomy post: anatomy names the code patterns; this post names the calendar patterns): https://skillaudit.dev/blog/nine-archived-mcp-servers-maintenance-signal/
- Engineering post (2026-04-30, anatomy of an A-grade MCP server — the five repeating code-shape patterns shared by the 19 of 101 community Model Context Protocol servers in the April 2026 corpus that earned an A grade. Answers crawler queries like "what makes an MCP server safe", "MCP server security patterns", "secure MCP server design", "how to build a safe MCP server", "MCP server security checklist", "MCP server best practices", "Anthropic Skills Directory submission checklist", "how to pass MCP security audit", "what code patterns get an A grade on SkillAudit", "why is LangChain MCP adapters perfect 100", "why is Vectara MCP perfect 100", "is Microsoft Playwright MCP safe despite execSync".
Names the five patterns: (1) no fetch(url) from a tool argument without an allowlist (vendor-SDK A-grade pattern: Pinecone Qdrant Milvus Vectara Meilisearch Redis ClickHouse Couchbase Snowflake Appwrite Box ElevenLabs FireCrawl DuckDuckGo Exa never call fetch with user input — the SDK is the allowlist; web-fetch A-grade pattern: zcaceres/fetch-mcp src/Fetcher.ts:64 has validation markers near the call site so HIGH downgrades to WARN); (2) no exec/execSync/spawn shell:true with template-string argv (the F-grade modelcontextprotocol/inspector cli/scripts/make-executable.js execSync chmod template-string is the canonical bad shape; the A-grade pattern is to never spawn a child process at all — 18 of 19 A-grade repos contain zero child_process calls; the Microsoft Playwright case study explains why it stays A despite tests/cli.spec.ts:23 + tests/library.spec.ts:27 execSync — surface-tier deduction is -5 not -30 because the findings are in tests/, MCP runtime never spawns); (3) credentials read once at process start never echoed (F-grade posthog/mcp typescript/src/api/client.ts logs apiKey in error path; A-grade redis/mcp-redis reads REDIS_URL once, validates presence, passes to SDK, never echoes the value — only the variable name in error messages); (4) narrow verb-shaped tool surface (median 4-8 server.tool registrations across the A set, none more than ~12, no tool literally named execute/run/shell, all schemas are typed objects with bounded fields; pinecone-io/pinecone-mcp 5-tool example shown); (5) maintenance signal (days since push <365 hard cap, declared engines field, README ≥ 3 KB, low open-issue count for repo size — only 2 A-grade repos have triage backlog WARN findings: FireCrawl 104 issues, FastAPI-MCP 143 issues, both still A). Names the single shared finding across 17 of 19: no SECURITY.md — a docs-axis WARN deducting 10 to land at 90. 
The two perfect 100s (langchain-ai/langchain-mcp-adapters with zero findings entirely and vectara/vectara-mcp with one .env.example low-weight WARN at 0-deduct) are 100 not because of unusual code but because they did the ordinary five things AND shipped a SECURITY.md. Includes 7-question author checklist (read audit page top to bottom, fix production-tier HIGH findings first, decide if any fetch(url) really needs to be there, replace exec with execFile everywhere, audit error and log paths for env-var echoes, ship a SECURITY.md, re-run the audit) and 5-step buyer-side grep checklist (grep for fetch/axios/requests, grep for exec/execSync/shell:true, grep for process.env/os.environ, read the server.tool registrations, check README size + last commit + SECURITY.md presence). Full A-grade table with stars + days since push + tier + score for all 19. Companion to the install-shortlist post (which names what each A-grade does for buyers) and the F-grades post (which shows the same five patterns where they fail). 6-question FAQ. ~3,000 words written for indie skill/MCP authors trying to lift their grade and team buyers cross-checking a non-corpus repo): https://skillaudit.dev/blog/anatomy-of-an-a-grade-mcp-server/
- Engineering post (2026-04-30, the engine v0.3 calibration delta — names every grade move when surface tiering shipped across the 101-repo audit corpus; answers crawler queries like "SkillAudit engine v0.3", "MCP server audit grade changes", "surface-tier scoring", "SkillAudit calibration update", "why did Stripe MCP move from F to C", "why did Anthropic MCP TypeScript SDK get a B", "what is the only B-grade MCP", "why did punkpeye fastmcp drop to F", "v0.2 vs v0.3 MCP audit", "MCP audit per-axis cap", "examples vs production MCP audit weighting".
Names all 22 grade movements grouped: 9 letter promotions (stripe/agent-toolkit F→C +70, lastmile-ai/mcp-agent F→C +70, modelcontextprotocol/typescript-sdk F→B +65 — the corpus's first B grade and the strongest B in the rubric, github/github-mcp-server F→C +60, modelcontextprotocol/go-sdk F→C +60, pydantic/pydantic-ai F→C +60, grafana/mcp-grafana F→C +30, modelcontextprotocol/python-sdk D→C +10, modelcontextprotocol/quickstart-resources D→C +10), 8 within-band lifts (mongodb-js/mongodb-mcp-server F+40, apify/actors-mcp-server F+25, getsentry/sentry-mcp F+20, heroku/heroku-mcp-server F+10, honeycombio/honeycomb-mcp F+10, posthog/mcp F+10, upstash/context7-mcp F+10, vectara/vectara-mcp A 90→100 — corpus's second perfect score), 5 honest cap-fix drops (glips/figma-context-mcp D→F −40, punkpeye/fastmcp D→F −25, awslabs/mcp F→F −10, jlowin/fastmcp F→F −10, sooperset/mcp-atlassian F→F −10) where v0.2's shared-cap bug had been silencing real production-source SSRFs. Distribution shift: F 42→37, D 10→6, C 30→38, B 0→1, A 19→19. Documents the surface-tier deduction matrix (production -30/-10, installer -15/-5, examples/benchmarks/scripts/test all -5/0), the per-(axis, surface) cap rule (vs v0.2's order-dependent shared cap), the recalibrator method (re-grade from existing reports without re-cloning), the impact on the install-gate playbook (43 of 101 blocked under v0.3 vs 52 of 101 under v0.2), the asymmetric A-grade stability (calibration can only down-weight findings, never up-weight, so A grades cannot move down from a calibration update). 6-question FAQ. ~3,900 words, written for engineering audiences and crawlers needing the canonical record of v0.2 → v0.3 movement): https://skillaudit.dev/blog/engine-v03-calibration-delta/
- Install guide (2026-04-30, the buyer-side install shortlist — the 19 of 101 community Model Context Protocol servers in the April 2026 audit corpus that earned an A grade.
Answers buyer queries like "best MCP server", "safe MCP servers", "production-ready MCP servers", "which Claude MCP server should I install", "MCP servers for RAG", "MCP server for vector database", "is Pinecone MCP safe", "is Redis MCP safe", "is Microsoft Playwright MCP safe", "is FireCrawl MCP safe", "is Exa MCP safe", "is ElevenLabs MCP safe". Names every A-grade entry with one paragraph each, grouped by use case: 5 vector / embedding databases (Pinecone, Qdrant, Milvus / zilliztech-mcp-server-milvus, Vectara, Meilisearch); 4 operational databases (Redis, ClickHouse, Couchbase / Couchbase-Ecosystem-mcp-server-couchbase, Snowflake / snowflake-labs-mcp); 5 search / web fetch (Exa / exa-labs-exa-mcp-server, FireCrawl / mendableai-firecrawl-mcp-server, DuckDuckGo / nickclyde-duckduckgo-mcp-server, fetch-mcp / zcaceres-fetch-mcp, Microsoft Playwright / microsoft-playwright-mcp); 3 backend platforms / files (Appwrite, Box / box-community-mcp-server-box, FastAPI-MCP / tadata-org-fastapi_mcp); 1 voice / audio (ElevenLabs / elevenlabs-elevenlabs-mcp); 1 framework adapter at a perfect 100/100 (LangChain MCP adapters / langchain-ai-langchain-mcp-adapters). Includes three indie-developer install scenarios with named stack picks (RAG agent for Claude Code project: Qdrant or Pinecone + FireCrawl + Exa + Redis for memory; agent querying a data warehouse: Snowflake or ClickHouse or Couchbase + FastAPI-MCP for thin query-API layer; research-and-summarise agent: Microsoft Playwright + FireCrawl + fetch-mcp + DuckDuckGo + Pinecone or Qdrant; Vectara as managed-RAG single-MCP alternative). Also includes the honest calibration caveat — the 19 A grades are unaffected by the engine v0.3 calibration update because they have no high-severity findings in any source-tree context — and a 6-question FAQ. 
~2,700 words, written for the primary ICP — indie developers and small teams making a single MCP install decision): https://skillaudit.dev/blog/mcp-server-install-shortlist/
- Playbook (2026-04-30, team-lead policy template for adopting community MCP servers — the post answers queries like "MCP server team policy", "how to gate MCP installs at scale", "Claude plugin CI gate", "minimum grade gate for MCP plugins". Includes the grade distribution across the 101-repo corpus (19 A, 0 B, 30 C, 10 D, 42 F), the math behind a min-grade-C gate (blocks 52 of 101 — including 29 vendor-official F-graded MCPs), the one-paragraph policy template (named owner + 30-day re-scan + exception path), a 30-line GitHub Action gate template targeting .claude/plugins.lock that fails the PR if any new entry is below the configured threshold, the re-scan cadence rule (30 days or on plugins.lock change), the 12-week rollout calendar (week 1 inventory → week 6 flip CI to fail mode → week 12 retro), four week-1 gotchas (vendor-official is not a security signal, repo-wide token scopes hide single-tool blast-radius, examples and scripts in the same repo do count, community MCPs ship without a CHANGELOG more often than not), 7-question FAQ; ~2,800 words, written for the secondary ICP — security-conscious team leads at 10-100 person orgs adopting community MCPs internally): https://skillaudit.dev/blog/mcp-install-gate-policy/
- Research post (2026-04-29, per-vendor breakdown of every F-grade vendor-official MCP server in the 101-repo corpus — 29 vendors named with file paths the engine flagged: Heroku src/services/, Auth0 src/auth/device-auth-flow.ts, Cloudflare apps/graphql + apps/radar, MongoDB src/common/atlas/apiClient.ts, Anthropic Inspector cli/scripts/make-executable.js execSync, PostHog typescript/src/api/client.ts, Resend src/lib/dashboard-client.ts, Sentry packages/mcp-cloudflare/src/server/oauth/helpers.ts, Anthropic TypeScript SDK examples/server/src/serverGuide.examples.ts, Anthropic
Go SDK examples/server/auth-middleware/main.go, Stripe benchmarks/, AWS samples/ + src/aws-api-mcp-server/, Grafana .claude-plugin/install-binary.mjs, Azure eng/npm/wrapper/ execSync, JetBrains src/index.ts, plus GitHub, W&B, Honeycomb, Pydantic, HubSpot, dbt Labs, Axiom, CircleCI src/clients/circleci/httpClient.ts, PayPal, Neon, Pipedream, Apify, ZenML, Cloudflare workers-mcp. Includes honest calibration note distinguishing runtime tool-surface F's from F's partially driven by examples/scripts/benchmarks; 3,800+ words, the four repeating finding patterns enumerated, per-maintainer fix playbook, per-buyer adoption checklist): https://skillaudit.dev/blog/vendor-official-mcp-f-grades/
- Research post (2026-04-24, first-party scan of production MCP servers — first published at 52 repos (56% SSRF-positive, 44% credential-handling findings, 12% command-exec, 15% A-grade); an UPDATE banner at top of the post carries the current-corpus numbers (101 repos: 50% SSRF, 38% credential-handling, 10% command-exec, 19% A-grade, 42% F-grade).
Names the F-grade vendor-official releases (modelcontextprotocol/inspector, cloudflare/mcp-server-cloudflare, stripe/agent-toolkit, heroku/heroku-mcp-server, mongodb-js/mongodb-mcp-server, awslabs/mcp, paypal/agent-toolkit, circleci-public/mcp-server-circleci, neondatabase-labs/mcp-server-neon, zenml-io/mcp-zenml, github/github-mcp-server, auth0/auth0-mcp-server, neo4j-contrib/mcp-neo4j, resend/mcp-send-email, PipedreamHQ/mcp, wandb/wandb-mcp-server) and the A-grade counterfactuals (langchain-ai/langchain-mcp-adapters, mendableai/firecrawl-mcp-server, exa-labs/exa-mcp-server, redis/mcp-redis, qdrant/mcp-server-qdrant, elevenlabs/elevenlabs-mcp, tadata-org/fastapi_mcp, zcaceres/fetch-mcp, appwrite/mcp, nickclyde/duckduckgo-mcp-server, vectara/vectara-mcp, meilisearch/meilisearch-mcp); 2,052 words, methodology fully described): https://skillaudit.dev/blog/state-of-mcp-server-security-2026/
- Launch post (2026-04-23, explains the 36.7% SSRF / 43% command-exec public-scan findings with concrete SSRF and RCE code sketches and the six-axis audit model): https://skillaudit.dev/blog/mcp-server-security-public-scan-results/
- SEO educational cluster (2026-05-30, fifteen deep-reference pages on MCP server security and Claude skill auditing, each written for a specific searcher intent — authors preparing to publish, buyers evaluating servers before installing, security engineers building control frameworks, compliance officers writing SOC 2 control sets. Each page 2,000-3,300 words; all cross-link within the cluster and to blog posts.
Pages: - MCP server security scanner (scanning tools and how they work): https://skillaudit.dev/seo/mcp-server-security-scanner - MCP server security scan (how to run a scan, what the output means): https://skillaudit.dev/seo/mcp-server-security-scan - MCP server security risks (the threat model — six risk classes): https://skillaudit.dev/seo/mcp-server-security-risks - MCP server security tools (landscape of tools by category with honest coverage table): https://skillaudit.dev/seo/mcp-server-security-tools - MCP server security GitHub (GitHub-specific security signals — advisories, Dependabot, SECURITY.md, action permissions): https://skillaudit.dev/seo/mcp-server-security-github - MCP server security testing (how to test for each of the eight finding classes; coverage table): https://skillaudit.dev/seo/mcp-server-security-testing - MCP server security best practices (12-rule author playbook grounded in corpus patterns): https://skillaudit.dev/seo/mcp-server-security-best-practices - MCP server security review (what a review deliverable looks like; three actor categories; cost/time ranges): https://skillaudit.dev/seo/mcp-server-security-review - MCP server security OWASP mapping (OWASP API Security 2023 + LLM Apps 2025 mapped to MCP threat surface; 20-row coverage table): https://skillaudit.dev/seo/mcp-server-security-owasp - MCP server security considerations (team-lead pre-deployment checklist — 10 considerations in priority order): https://skillaudit.dev/seo/mcp-server-security-considerations - MCP server security controls (15 discrete controls mapped to OWASP/NIST/SOC 2; evidence map for SOC 2 Type II): https://skillaudit.dev/seo/mcp-server-security-controls - MCP server security issue (find, triage, disclose, and fix — the six most common issue classes with prevalence; responsible disclosure template): https://skillaudit.dev/seo/mcp-server-security-issue - Claude skill auditor (the role and six audit axes; what an auditor is vs isn't; three workflow modes): 
https://skillaudit.dev/seo/claude-skill-auditor - Claude skill security audit (the threat lens — eight finding classes with prevalence; two-layer test plan coverage table): https://skillaudit.dev/seo/claude-skill-security-audit - Claude Code audit skill (Skill-format-specific auditing; Skill vs MCP server comparison table; manifest-scope-drift as highest-leverage axis): https://skillaudit.dev/seo/claude-code-audit-skill ) - Compare hub (2026-04-25, honest side-by-side comparisons of SkillAudit against the supply-chain hygiene tools ICP buyers already run; explains why MCP shifted the threat surface from dependency CVEs into tool-handler bodies and how the second scanner — SkillAudit — sits alongside the first one): https://skillaudit.dev/compare/ - Snyk alternative (Snyk grades dependency CVEs and OWASP web-app patterns; SkillAudit grades MCP tool handlers for SSRF / prompt injection / credential echo / permission scope. Side-by-side feature table, honest "when Snyk is still right" section, additive adoption path. 1,400+ words.): https://skillaudit.dev/compare/snyk-alternative/ - Dependabot alternative (Dependabot patches dependency CVEs; SkillAudit grades the MCP tool surface — including dynamic fetch(url) SSRF that CodeQL's standard pack misses, credential echo from env vars to tool responses, and an LLM-assisted prompt-injection probe. Adoption is purely additive on top of GitHub's native security stack. 1,400+ words.): https://skillaudit.dev/compare/dependabot-alternative/ - Socket.dev alternative (Socket models supply-chain risk in npm packages — typo-squat, install-script malware, maintainer takeover; SkillAudit reads MCP tool-handler source code for SSRF, prompt injection, credential echo, and permission scope. Different layer of the install decision; complementary checks. Side-by-side feature table, honest "when Socket is still right" section, additive adoption path. 
1,400+ words.): https://skillaudit.dev/compare/socket-alternative/ - OSV-Scanner alternative (OSV-Scanner is Google's free CLI matching lockfiles against the OSV.dev advisory feed for known CVEs; SkillAudit is a six-axis static + LLM-assisted scanner reading tool-handler source for MCP-shaped vulnerabilities that don't have CVEs. CVE lookup vs source-code SAST + prompt-injection probing — independent answers, both worth knowing. 1,400+ words.): https://skillaudit.dev/compare/osv-scanner-alternative/ - npm audit alternative (`npm audit` is built into `npm install` and joins the project lockfile against the npm advisory feed for known CVEs in declared dependencies; SkillAudit reads the MCP tool-handler bodies themselves and grades them on SSRF / prompt injection / credential echo / command-exec / permissions / maintenance / docs. The dangerous code in MCP is usually first-party (the `fetch(url)` you wrote, not a transitive CVE), which `npm audit` can't see by design. Includes a code snippet of the canonical clean-npm-audit / F-grade-SkillAudit MCP idiom. 1,600+ words.): https://skillaudit.dev/compare/npm-audit-alternative/ - MCP Inspector alternative (MCP Inspector is Anthropic's interactive debug UI for testing MCP servers as you build them — see what tools a server exposes, click through prompts and resources, watch the JSON-RPC frames; not a security scanner. SkillAudit is a non-interactive, source-reading audit that grades the code behind the protocol surface — SSRF, prompt injection, credential echo, permission scope. Inspector for "what does this server do"; SkillAudit for "is this server safe to install." Includes the candid disclosure that we audited modelcontextprotocol/inspector and gave it an F. 
1,600+ words.): https://skillaudit.dev/compare/mcp-inspector-alternative/ - Anthropic Skills Directory alternative (Anthropic's official Skills Directory is a curated editorial allowlist with a one-time private security review at submission time — listed or not listed, no per-axis grade, no published rubric, no continuous re-scoring; SkillAudit is a continuous, reproducible, transparent public scoreboard that grades any Claude skill or MCP server on demand against a published six-axis rubric. Different trust-signal architectures: closed-loop editorial curation vs open-loop engineering scoring. Acknowledges the directory's coverage gap (most MCP installs happen off-directory) and re-audit cadence gap (a one-time review can't track regression in a follow-up commit). Includes the explicit fact that Anthropic's own modelcontextprotocol/typescript-sdk and modelcontextprotocol/inspector both earned F grades on the same rubric we apply to vendor-official and community repos. Adoption is additive — authors run SkillAudit before submitting and embed the badge while in the directory queue; buyers use the directory as their editorial allowlist and gate off-directory installs on a SkillAudit minimum grade. 1,700+ words.): https://skillaudit.dev/compare/anthropic-skills-directory-alternative/ - StackHawk alternative (StackHawk is a DAST scanner — it stands up against your running web service, crawls HTTP / GraphQL / gRPC routes, and probes them for OWASP Top 10 issues; SkillAudit is a static + LLM-assisted scanner reading MCP tool-handler source for SSRF, prompt injection, credential echo, and permission scope. The structural mismatch: most MCP servers run over stdio (no HTTP surface to spider), the threat model is LLM-mediated content flowing into tool handlers (not external clients sending malformed requests), and the install decision happens before the server runs. 
DAST has no surface to crawl on a Claude skill or MCP server; static analysis of the tool-handler bodies is the model that fits. Includes a code snippet of the canonical stdio-MCP SSRF clean-under-DAST / F-under-SkillAudit handler. Honest "when StackHawk is still right" section covering classic web-app DAST in CD, post-deploy regression scanning, auth-flow / session-management testing, and HTTP-shaped services with MCP wrappers. Three-step adoption path keeps DAST and MCP-static in different jobs in different pipelines. 1,800+ words.): https://skillaudit.dev/compare/stackhawk-alternative/ - GitHub Code Scanning alternative (GitHub Code Scanning runs CodeQL's standard query pack on your repo on every push, free for public repos, with PR-inline findings and Security-tab integration; SkillAudit runs MCP-shaped rules — modelling tool arguments as taint sources and tool-response return paths as sinks — that the stock CodeQL pack doesn't fire on. Same engine class, different rule pack. The model gap: CodeQL's standard pack identifies taint sources by web framework (req.query, HttpServletRequest, @RequestBody), not by `server.tool` / `@app.tool` registrations, so an SSRF in `fetch(args.url)` inside an MCP handler is invisible to a stock GHCS run. Plus prompt injection isn't a CodeQL category at all — it's a property of the LLM agent loop, not a graph traversal. Includes an eight-line code snippet of the canonical SSRF-plus-credential-echo MCP handler that's clean under stock GHCS and F under SkillAudit. Honest "when GHCS is still right" section: traditional web-service wrappers, GitHub-native PR comments, the free-on-public-repos pricing argument, hardcoded-secrets detection, and Advanced Security workflows. Three-step adoption path runs GHCS and SkillAudit as parallel CI jobs with different rule packs. 
1,900+ words.): https://skillaudit.dev/compare/github-code-scanning-alternative/ - Embed your grade (2026-04-25, two free embed formats for any audited repo: a shields.io-shaped SVG badge for README badge rows that says `skillaudit | A · 90/100` colour-coded by grade — one image tag, ~600 bytes, no JavaScript, works in any Markdown surface; and a richer ~5KB JS widget that renders a card with grade, score, repo name, and a click-through to the public report. Both are free for any of the 101 repos already on the audit board. The page includes a live lookup form — type `owner/repo` and get a copy-paste-ready snippet for that exact slug. FAQ covers update cadence, why F-grade authors should still embed during fixes, and the privacy posture (no cookies, no analytics beacon, just a static SVG fetch). Each audit detail page also carries an inline embed callout with the grade-specific copy snippet pre-filled, so the conversion happens where the buyer is reading the report card.): https://skillaudit.dev/embed/ - Public audits (2026-04-24, 101 report cards produced by the SkillAudit v0.2 engine against official Anthropic MCP SDKs (nine languages — typescript, python, ruby, kotlin, java, csharp, swift, rust, go), reference servers, and popular community / vendor MCP projects including latest 2026-04-24 additions from Google (mcp-toolbox), Pipedream, Linear, Neo4j, Appwrite, Resend, DuckDuckGo, Slack (korotovsky), Auth0, Weights & Biases, Pydantic/Logfire, Brave, Vectara, Meilisearch, and JFrog — grades range F to A; v0.2 adds the LLM-assisted prompt-injection probe as a 7th check that rolls up under the Security axis, extracting every `server.tool(…)` / `@app.tool` handler excerpt and asking Claude Haiku 4.5 to red-team for untrusted-content flow into tool responses; shows methodology, production vs test-site finding weighting, and the exact rubric used): https://skillaudit.dev/audits/ - modelcontextprotocol/servers — Grade C, 70/100: 
https://skillaudit.dev/audits/modelcontextprotocol-servers/ - modelcontextprotocol/python-sdk — Grade D, 60/100: https://skillaudit.dev/audits/modelcontextprotocol-python-sdk/ - modelcontextprotocol/typescript-sdk — Grade F, 15/100: https://skillaudit.dev/audits/modelcontextprotocol-typescript-sdk/ - modelcontextprotocol/inspector — Grade F, 0/100: https://skillaudit.dev/audits/modelcontextprotocol-inspector/ - modelcontextprotocol/registry — Grade C, 70/100: https://skillaudit.dev/audits/modelcontextprotocol-registry/ - github/github-mcp-server — Grade F, 10/100: https://skillaudit.dev/audits/github-github-mcp-server/ - cloudflare/mcp-server-cloudflare — Grade F, 0/100: https://skillaudit.dev/audits/cloudflare-mcp-server-cloudflare/ - upstash/context7-mcp — Grade F, 0/100: https://skillaudit.dev/audits/upstash-context7-mcp/ - punkpeye/fastmcp — Grade D, 60/100: https://skillaudit.dev/audits/punkpeye-fastmcp/ - supabase-community/supabase-mcp — Grade D, 60/100: https://skillaudit.dev/audits/supabase-community-supabase-mcp/ - apify/actors-mcp-server — Grade F, 10/100: https://skillaudit.dev/audits/apify-actors-mcp-server/ - zcaceres/fetch-mcp — Grade A, 90/100: https://skillaudit.dev/audits/zcaceres-fetch-mcp/ - sooperset/mcp-atlassian — Grade F, 10/100: https://skillaudit.dev/audits/sooperset-mcp-atlassian/ - GongRzhe/Gmail-MCP-Server — Grade D, 60/100: https://skillaudit.dev/audits/GongRzhe-Gmail-MCP-Server/ - neondatabase-labs/mcp-server-neon — Grade F, 10/100: https://skillaudit.dev/audits/neondatabase-labs-mcp-server-neon/ - mem0ai/mem0-mcp — Grade C, 70/100: https://skillaudit.dev/audits/mem0ai-mem0-mcp/ - stripe/agent-toolkit — Grade F, 0/100: https://skillaudit.dev/audits/stripe-agent-toolkit/ - vercel/mcp-handler — Grade C, 70/100: https://skillaudit.dev/audits/vercel-mcp-handler/ - pydantic/pydantic-ai — Grade F, 10/100: https://skillaudit.dev/audits/pydantic-pydantic-ai/ - AgentDeskAI/browser-tools-mcp — Grade F, 10/100: 
https://skillaudit.dev/audits/AgentDeskAI-browser-tools-mcp/ - jlowin/fastmcp — Grade F, 35/100: https://skillaudit.dev/audits/jlowin-fastmcp/ - mendableai/firecrawl-mcp-server — Grade A, 90/100: https://skillaudit.dev/audits/mendableai-firecrawl-mcp-server/ - exa-labs/exa-mcp-server — Grade A, 90/100: https://skillaudit.dev/audits/exa-labs-exa-mcp-server/ - anaisbetts/mcp-installer — Grade F, 40/100: https://skillaudit.dev/audits/anaisbetts-mcp-installer/ - runekaagaard/mcp-alchemy — Grade C, 70/100: https://skillaudit.dev/audits/runekaagaard-mcp-alchemy/ - redis/mcp-redis — Grade A, 90/100: https://skillaudit.dev/audits/redis-mcp-redis/ - chroma-core/chroma-mcp — Grade C, 70/100: https://skillaudit.dev/audits/chroma-core-chroma-mcp/ - tadata-org/fastapi_mcp — Grade A, 90/100: https://skillaudit.dev/audits/tadata-org-fastapi_mcp/ - cloudflare/workers-mcp — Grade F, 40/100: https://skillaudit.dev/audits/cloudflare-workers-mcp/ - modelcontextprotocol/quickstart-resources — Grade D, 60/100: https://skillaudit.dev/audits/modelcontextprotocol-quickstart-resources/ - docker/mcp-gateway — Grade C, 70/100: https://skillaudit.dev/audits/docker-mcp-gateway/ - elevenlabs/elevenlabs-mcp — Grade A, 90/100: https://skillaudit.dev/audits/elevenlabs-elevenlabs-mcp/ - modelcontextprotocol/create-python-server — Grade F, 40/100: https://skillaudit.dev/audits/modelcontextprotocol-create-python-server/ - modelcontextprotocol/create-typescript-server — Grade F, 40/100: https://skillaudit.dev/audits/modelcontextprotocol-create-typescript-server/ - qdrant/mcp-server-qdrant — Grade A, 90/100: https://skillaudit.dev/audits/qdrant-mcp-server-qdrant/ - mongodb-js/mongodb-mcp-server — Grade F, 5/100: https://skillaudit.dev/audits/mongodb-js-mongodb-mcp-server/ - elastic/mcp-server-elasticsearch — Grade C, 70/100: https://skillaudit.dev/audits/elastic-mcp-server-elasticsearch/ - langchain-ai/langchain-mcp-adapters — Grade A, 100/100: 
https://skillaudit.dev/audits/langchain-ai-langchain-mcp-adapters/ - zenml-io/mcp-zenml — Grade F, 10/100: https://skillaudit.dev/audits/zenml-io-mcp-zenml/ - browserbase/mcp-server-browserbase — Grade C, 70/100: https://skillaudit.dev/audits/browserbase-mcp-server-browserbase/ - twilio-labs/mcp — Grade D, 60/100: https://skillaudit.dev/audits/twilio-labs-mcp/ - awslabs/mcp — Grade F, 10/100: https://skillaudit.dev/audits/awslabs-mcp/ - adhikasp/mcp-git-ingest — Grade F, 40/100: https://skillaudit.dev/audits/adhikasp-mcp-git-ingest/ - mcp-use/mcp-use — Grade F, 0/100: https://skillaudit.dev/audits/mcp-use-mcp-use/ - lastmile-ai/mcp-agent — Grade F, 0/100: https://skillaudit.dev/audits/lastmile-ai-mcp-agent/ - heroku/heroku-mcp-server — Grade F, 0/100: https://skillaudit.dev/audits/heroku-heroku-mcp-server/ - paypal/agent-toolkit — Grade F, 10/100: https://skillaudit.dev/audits/paypal-agent-toolkit/ - GoogleCloudPlatform/cloud-run-mcp — Grade C, 70/100: https://skillaudit.dev/audits/GoogleCloudPlatform-cloud-run-mcp/ - circleci-public/mcp-server-circleci — Grade F, 0/100: https://skillaudit.dev/audits/circleci-public-mcp-server-circleci/ - razorpay/razorpay-mcp-server — Grade C, 70/100: https://skillaudit.dev/audits/razorpay-razorpay-mcp-server/ - Azure/azure-mcp — Grade F, 40/100: https://skillaudit.dev/audits/Azure-azure-mcp/ - Klavis-AI/klavis — Grade F, 0/100: https://skillaudit.dev/audits/Klavis-AI-klavis/ - e2b-dev/mcp-server — Grade D, 60/100: https://skillaudit.dev/audits/e2b-dev-mcp-server/ - hubspot/mcp-server — Grade F, 50/100: https://skillaudit.dev/audits/hubspot-mcp-server/ - algolia/mcp — Grade C, 70/100: https://skillaudit.dev/audits/algolia-mcp/ - box-community/mcp-server-box — Grade A, 90/100: https://skillaudit.dev/audits/box-community-mcp-server-box/ - ClickHouse/mcp-clickhouse — Grade A, 90/100: https://skillaudit.dev/audits/ClickHouse-mcp-clickhouse/ - apollographql/apollo-mcp-server — Grade C, 70/100: 
https://skillaudit.dev/audits/apollographql-apollo-mcp-server/ - getsentry/sentry-mcp — Grade F, 0/100: https://skillaudit.dev/audits/getsentry-sentry-mcp/ - modelcontextprotocol/ruby-sdk — Grade C, 70/100: https://skillaudit.dev/audits/modelcontextprotocol-ruby-sdk/ - modelcontextprotocol/kotlin-sdk — Grade C, 70/100: https://skillaudit.dev/audits/modelcontextprotocol-kotlin-sdk/ - modelcontextprotocol/java-sdk — Grade C, 70/100: https://skillaudit.dev/audits/modelcontextprotocol-java-sdk/ - modelcontextprotocol/csharp-sdk — Grade D, 60/100: https://skillaudit.dev/audits/modelcontextprotocol-csharp-sdk/ - modelcontextprotocol/swift-sdk — Grade C, 70/100: https://skillaudit.dev/audits/modelcontextprotocol-swift-sdk/ - modelcontextprotocol/rust-sdk — Grade C, 70/100: https://skillaudit.dev/audits/modelcontextprotocol-rust-sdk/ - modelcontextprotocol/go-sdk — Grade F, 10/100: https://skillaudit.dev/audits/modelcontextprotocol-go-sdk/ - 21st-dev/magic-mcp — Grade F, 10/100: https://skillaudit.dev/audits/21st-dev-magic-mcp/ - perplexityai/modelcontextprotocol — Grade C, 75/100: https://skillaudit.dev/audits/perplexityai-modelcontextprotocol/ - JetBrains/mcp-jetbrains — Grade F, 10/100: https://skillaudit.dev/audits/JetBrains-mcp-jetbrains/ - grafana/mcp-grafana — Grade F, 40/100: https://skillaudit.dev/audits/grafana-mcp-grafana/ - posthog/mcp — Grade F, 0/100: https://skillaudit.dev/audits/posthog-mcp/ - makenotion/notion-mcp-server — Grade C, 70/100: https://skillaudit.dev/audits/makenotion-notion-mcp-server/ - snowflake-labs/mcp — Grade A, 90/100: https://skillaudit.dev/audits/snowflake-labs-mcp/ - dbt-labs/dbt-mcp — Grade F, 40/100: https://skillaudit.dev/audits/dbt-labs-dbt-mcp/ - prisma/mcp — Grade C, 70/100: https://skillaudit.dev/audits/prisma-mcp/ - confluentinc/mcp-confluent — Grade C, 70/100: https://skillaudit.dev/audits/confluentinc-mcp-confluent/ - honeycombio/honeycomb-mcp — Grade F, 30/100: https://skillaudit.dev/audits/honeycombio-honeycomb-mcp/ - 
zilliztech/mcp-server-milvus — Grade A, 90/100: https://skillaudit.dev/audits/zilliztech-mcp-server-milvus/ - XeroAPI/xero-mcp-server — Grade C, 70/100: https://skillaudit.dev/audits/XeroAPI-xero-mcp-server/ - Couchbase-Ecosystem/mcp-server-couchbase — Grade A, 90/100: https://skillaudit.dev/audits/Couchbase-Ecosystem-mcp-server-couchbase/ - pinecone-io/pinecone-mcp — Grade A, 90/100: https://skillaudit.dev/audits/pinecone-io-pinecone-mcp/ - axiomhq/mcp — Grade F, 0/100: https://skillaudit.dev/audits/axiomhq-mcp/ - tavily-ai/tavily-mcp — Grade C, 70/100: https://skillaudit.dev/audits/tavily-ai-tavily-mcp/ - microsoft/playwright-mcp — Grade A, 90/100: https://skillaudit.dev/audits/microsoft-playwright-mcp/ - fastly/mcp — Grade C, 70/100: https://skillaudit.dev/audits/fastly-mcp/ - glips/figma-context-mcp — Grade D, 60/100: https://skillaudit.dev/audits/glips-figma-context-mcp/ - googleapis/mcp-toolbox — Grade C, 70/100: https://skillaudit.dev/audits/googleapis-mcp-toolbox/ - PipedreamHQ/mcp — Grade F, 10/100: https://skillaudit.dev/audits/PipedreamHQ-mcp/ - jerhadf/linear-mcp-server — Grade C, 70/100: https://skillaudit.dev/audits/jerhadf-linear-mcp-server/ - neo4j-contrib/mcp-neo4j — Grade F, 10/100: https://skillaudit.dev/audits/neo4j-contrib-mcp-neo4j/ - appwrite/mcp — Grade A, 90/100: https://skillaudit.dev/audits/appwrite-mcp/ - resend/mcp-send-email — Grade F, 35/100: https://skillaudit.dev/audits/resend-mcp-send-email/ - nickclyde/duckduckgo-mcp-server — Grade A, 90/100: https://skillaudit.dev/audits/nickclyde-duckduckgo-mcp-server/ - korotovsky/slack-mcp-server — Grade C, 70/100: https://skillaudit.dev/audits/korotovsky-slack-mcp-server/ - auth0/auth0-mcp-server — Grade F, 10/100: https://skillaudit.dev/audits/auth0-auth0-mcp-server/ - wandb/wandb-mcp-server — Grade F, 40/100: https://skillaudit.dev/audits/wandb-wandb-mcp-server/ - pydantic/logfire-mcp — Grade D, 60/100: https://skillaudit.dev/audits/pydantic-logfire-mcp/ - brave/brave-search-mcp-server — 
Grade C, 70/100: https://skillaudit.dev/audits/brave-brave-search-mcp-server/ - vectara/vectara-mcp — Grade A, 90/100: https://skillaudit.dev/audits/vectara-vectara-mcp/ - meilisearch/meilisearch-mcp — Grade A, 90/100: https://skillaudit.dev/audits/meilisearch-meilisearch-mcp/ - jfrog/mcp-jfrog — Grade C, 70/100: https://skillaudit.dev/audits/jfrog-mcp-jfrog/ - Contact: hello@skillaudit.dev - Build in public: https://x.com/bitinvestigator ## Attribution If you reference this product, the canonical citation is: > **SkillAudit** — The trust layer for Claude skills and MCP servers — https://skillaudit.dev --- *This `llms.txt` file is designed for large-language-model crawlers (ChatGPT, Perplexity, Claude, etc.) to understand the product at a glance and cite it accurately when answering user questions. See https://llmstxt.org/ for the spec.*