Skip to content

docs(mcp): surface install extra in quick-start and add stdio caveat #216

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
rodboev wants to merge 1 commit into
base: main
Choose a base branch
from
+21 −9
Open

docs(mcp): surface install extra in quick-start and add stdio caveat #216

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 16 additions & 5 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,13 +32,19 @@ SkillSpector helps you answer: **"Is this skill safe to install?"**

Create and activate a virtual environment first (all `make` targets assume the venv is active). Use **uv** or **pip**; the Makefile uses `uv` if available, otherwise `pip`.

**Quick install with uv (no clone required):**
**Quick install with uv (CLI-only):**

```bash
uv tool install git+https://github.com/NVIDIA/skillspector.git
# Update later: uv tool update skillspector
```

If you plan to run `skillspector mcp`, install the MCP extra at install time:

```bash
uv tool install 'skillspector[mcp] @ git+https://github.com/NVIDIA/skillspector.git'
```

**From source:**

```bash
Expand Down Expand Up @@ -228,17 +234,22 @@ runtime can call scanning as a tool and **gate skill/MCP installs on the
result** — turning SkillSpector into a runtime guardrail instead of an
out-of-band audit step.

`skillspector mcp` requires `skillspector[mcp]`.

```bash
# Install the optional MCP dependency
pip install "skillspector[mcp]"
# Install, or reinstall if you already used the CLI-only path
uv tool install --force 'skillspector[mcp] @ git+https://github.com/NVIDIA/skillspector.git'

# stdio transport for local CLI agents
# FastMCP stdio transport for local CLI agents
skillspector mcp

# streamable HTTP/SSE transport for remote / A2A callers
# streamable HTTP/SSE transport for remote / A2A callers
skillspector mcp --transport http --host 127.0.0.1 --port 8000
```

The stdio transport is the current FastMCP path for local CLI agents, and the
initialize hang reported in issue #199 still applies there.

The server exposes a single tool:

- **`scan_skill(target, use_llm=true, output_format="json")`** — scans a Git
Expand Down
9 changes: 5 additions & 4 deletions src/skillspector/cli.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -440,7 +440,7 @@ def mcp(
typer.Option(
"--transport",
"-t",
help="Transport: stdio for local CLI agents, http for remote/A2A callers.",
help="Transport: FastMCP stdio for local CLI agents, http for remote/A2A callers.",
case_sensitive=False,
),
] = TransportChoice.stdio,
Expand All @@ -460,12 +460,13 @@ def mcp(
Codex CLI, Gemini CLI) or remote runtime can scan a skill and gate installs
on the verdict.

Requires the optional mcp extra. Reinstall the GitHub tool package with
that extra enabled, as shown in the README Quick Start section.

Examples:

skillspector mcp # stdio (local agents)
skillspector mcp # FastMCP stdio for local CLI agents
skillspector mcp --transport http --port 8000

Requires the optional ``mcp`` dependency: pip install "skillspector[mcp]".
"""
try:
from skillspector.mcp_server import run as run_mcp
Expand Down
Loading