get_skill_summary
Check GitHub repository safety before installing MCP servers or AI agent skills. Get trust scores and security recommendations from behavioral analysis to verify third-party tools.
Instructions
Check if a GitHub repository is safe to install as an MCP server or AI agent skill. Returns trust score, verdict, and recommendation from Oathe's behavioral security audit. Use this BEFORE installing any third-party tool — it's the quickest safety check. For the full report with all findings, use get_audit_report instead.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| owner | Yes | GitHub repository owner (e.g. "anthropics") | |
| repo | Yes | GitHub repository name (e.g. "claude-code") |
Implementation Reference
- src/tools/get-summary.ts:20-48 (handler)The main handler function that executes the get_skill_summary tool. It constructs the repository slug, makes an API call to fetch the skill summary, and returns the results as JSON text. Includes error handling for 404 (no audit found) and other API errors.async ({ owner, repo }) => { const slug = `${owner}/${repo}`; try { const res = await apiFetch(`/api/skill/${slug}/summary`); const data = (await res.json()) as SkillSummaryResponse; return { content: [{ type: 'text' as const, text: JSON.stringify(data, null, 2) }], }; } catch (err) { if (err instanceof ApiError) { if (err.status === 404) { return { content: [ { type: 'text' as const, text: `No completed audit found for ${owner}/${repo}.`, }, ], isError: true, }; } return { content: [{ type: 'text' as const, text: err.message }], isError: true, }; } throw err; } },
- src/tools/get-summary.ts:15-18 (schema)Input schema definition using Zod for validating the tool's parameters. Requires 'owner' (GitHub repository owner) and 'repo' (repository name) as strings.inputSchema: { owner: z.string().describe('GitHub repository owner (e.g. "anthropics")'), repo: z.string().describe('GitHub repository name (e.g. "claude-code")'), },
- src/lib/types.ts:52-63 (schema)TypeScript interface defining the output schema for the SkillSummaryResponse. Contains fields like skill_slug, score, verdict, recommendation, findings_count, severity breakdown, methodology_version, audited_at, and report_url.export interface SkillSummaryResponse { skill_slug: string; score: number | null; verdict: string | null; recommendation: string | null; findings_count: number; critical_findings: number; high_findings: number; methodology_version: string | null; audited_at: string | null; report_url: string; }
- src/tools/get-summary.ts:6-19 (registration)Registration function that registers the get_skill_summary tool with the MCP server. Includes the tool name, description explaining it's a quick safety check for GitHub repositories, and references the input schema.export function registerGetSummary(server: McpServer): void { server.registerTool( 'get_skill_summary', { description: 'Check if a GitHub repository is safe to install as an MCP server or AI agent skill. ' + 'Returns trust score, verdict, and recommendation from Oathe\'s behavioral security audit. ' + 'Use this BEFORE installing any third-party tool — it\'s the quickest safety check. ' + 'For the full report with all findings, use get_audit_report instead.', inputSchema: { owner: z.string().describe('GitHub repository owner (e.g. "anthropics")'), repo: z.string().describe('GitHub repository name (e.g. "claude-code")'), }, },
- src/index.ts:22-22 (registration)The main entry point calls registerGetSummary to activate the get_skill_summary tool when the MCP server starts.registerGetSummary(server);