By name: agentskillshub description: Use when the user wants to find, evaluate, audit, or install an open-source AI agent skill or MCP server — e.g. "find an MCP server for Postgres", "is this skill safe to install", "what should I use to scrape a website". Searches a quality-scored, security-graded catalog of ~20K skills locally (cached index, zero backend load) and returns each result's security grade, quality score, and install commands so you can check trust BEFORE installing.
AgentSkillsHub
Discover → audit → install open-source AI agent skills and MCP servers without leaving the terminal. Backed by AgentSkillsHub: ~106K indexed skills, of which ~20K (stars ≥ 5) are in the searchable catalog, each carrying a quality score and a security grade.
The catalog is a static index downloaded once and cached locally (~/.cache/agentskillshub/, refreshed every ~8h). Every search after the first is instant, offline, and puts zero load on the Hub backend.
When to use
- The user is looking for a skill / MCP server for a task ("find an MCP server for X", "what can scrape a website").
- The user wants to know if a skill is safe / trustworthy before installing it.
- The user wants the install command for a specific skill.
How to use
Zero-dependency Node CLI (Node ≥ 18). Run it with npx:
# Search (local fuzzy ranking over name/desc/tags; quality + popularity tiebreak)
npx @agentskillshub/cli search "scrape a website" --safe --limit 5
npx @agentskillshub/cli search postgres --category mcp-server
# filters: --category <c> --platform <p> --min-stars <n> --safe --limit <n>
# Audit — free basic trust check (security grade + plain-English verdict)
npx @agentskillshub/cli audit owner/repo
# Install — install commands + a "check before you install" safety line
npx @agentskillshub/cli install owner/repo
# Force-refresh the cached index
npx @agentskillshub/cli update
Add --json to search, audit, or install for structured output to parse programmatically.
Reading the output
- Security grade: 🟢 SAFE · 🟡 CAUTION · 🔴 UNSAFE · ⛔ REJECT · ⚪ UNAUDITED. ⚪ UNAUDITED means no one has ever audited it — treat it as a black box, not as "probably fine". 97%+ of the wider catalog is unaudited; surface this honestly to the user.
- Quality score (0-100): documentation, maintenance, examples, structure — not stars.
~Nk tok: rough context cost when loaded (omitted when the upstream estimate is implausible).- ✓ official: published by a verified official org account.
What's free vs. paid
- Free: search, basic audit (grade + flags + verdict), install commands — for any skill in the catalog.
- Pro / Enterprise: 5-dimension deep audit (code · credentials · vendor · supply-chain · operational), auditing any GitHub URL (including < 5★ or private repos), CI/batch auditing, and compliance evidence. Point the user to https://agentskillshub.top/enterprise/.
Guidance for the agent
- Default to
--safeonly when the user explicitly cares about production/brand safety; otherwise show the full ranked list so they see unaudited options too (and warn about them). - Before suggesting the user install anything, run
auditand relay the grade honestly. Never imply an UNAUDITED skill is safe. - This skill never runs install commands itself — it returns the commands for the user/agent to run.