Skip to main content
Glama
Skvil-IA

skvil-mcp

by Skvil-IA
OverviewSchemaRelated ServersScoreDiscussions
TypeScript
Hybrid

skvil_verify

Verify AI agent skills for safety by checking reputation scores, risk levels, certification status, and community scan data using SHA-256 composite hashes.

Instructions

Check if an AI agent skill is safe before installing it. Returns reputation score, risk level, certification status, and community scan data. Use this to verify any skill by its SHA-256 composite hash.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
hashYesSHA-256 composite hash of the skill (e.g. "sha256:4a2f8b...c81e")

Implementation Reference

  • src/tools.ts:21-118 (registration)
    Tool registration of skvil_verify - defines the tool name, description, input schema, and handler function that processes verification requests and formats the response with reputation score, risk level, certification status, and behavioral analysis findings.
    // ── skvil_verify ──────────────────────────────────────────────────────────
server.tool(
  'skvil_verify',
  'Check if an AI agent skill is safe before installing it. Returns reputation ' +
    'score, risk level, certification status, and community scan data. ' +
    'Use this to verify any skill by its SHA-256 composite hash.',
  { hash: hashSchema },
  async ({ hash }) => {
    try {
      const result = await api.verify(hash);

      if (!result.known) {
        return {
          content: [
            {
              type: 'text',
              text:
                `**Unknown skill** (${hash})\n\n` +
                'This skill has never been scanned by the Skvil network.\n' +
                'It has no reputation data or certification.\n\n' +
                '**Recommendation:** Do not install without scanning first.',
            },
          ],
        };
      }

      const score = result.reputation_score ?? 0;
      const totalScans = result.total_scans ?? 0;

      const lines: string[] = [
        `**Skill verification: ${hash}**\n`,
        `- **Reputation score:** ${formatScore(score)}`,
        `- **Total community scans:** ${totalScans}`,
        `- **Risk level:** ${result.risk_summary?.last_risk_level ?? 'unknown'}`,
      ];

      if (result.certification) {
        lines.push(`- **Certification:** ${result.certification}`);
      } else {
        lines.push('- **Certification:** none');
      }

      if (result.confirmed_malicious) {
        lines.push(
          '\n**CONFIRMED MALICIOUS** — a Skvil admin has verified this skill is dangerous.',
        );
        lines.push('Do NOT install this skill.');
      }

      if (result.risk_summary) {
        const f = result.risk_summary.findings_by_severity;
        const critical = f.critical ?? 0;
        const high = f.high ?? 0;
        const medium = f.medium ?? 0;
        const low = f.low ?? 0;
        if (critical > 0 || high > 0) {
          lines.push(
            `\n**Findings:** ${critical} critical, ${high} high, ${medium} medium, ${low} low`,
          );
        }
      }

      if (result.crucible) {
        lines.push(`\n**Crucible behavioral analysis:** ${result.crucible.status}`);
        lines.push(`- Behavioral score: ${result.crucible.score}`);
        if (result.crucible.behavioral_findings.length > 0) {
          const descriptions = result.crucible.behavioral_findings
            .map((f) => f.description)
            .join(', ');
          lines.push(`- Findings: ${descriptions}`);
        }
      }

      // Decision recommendation
      lines.push('\n**Recommendation:**');
      if (result.confirmed_malicious) {
        lines.push('Do NOT install. This skill has been confirmed malicious.');
      } else if (result.crucible?.status === 'malicious') {
        lines.push('Do NOT install. Behavioral analysis detected malicious activity.');
      } else if (score >= 80 && result.certification) {
        lines.push(
          `Safe to install. This skill is certified (${result.certification}) ` +
            'with a strong reputation score.',
        );
      } else if (score >= 60) {
        lines.push('Likely safe, but not yet certified. Install with caution.');
      } else if (score < 40) {
        lines.push('Do NOT install. Low reputation score indicates potential risk.');
      } else {
        lines.push('Proceed with caution. Review findings before installing.');
      }

      return { content: [{ type: 'text', text: lines.join('\n') }] };
    } catch (error) {
      return { content: [{ type: 'text', text: formatError('verify', error) }], isError: true };
    }
  },
);
  • src/tools.ts:28-117 (handler)
    Handler function that executes the skvil_verify tool logic - calls api.verify(), checks if skill is known, formats reputation scores, risk levels, certifications, malicious confirmations, and provides installation recommendations based on the verification results.
    async ({ hash }) => {
  try {
    const result = await api.verify(hash);

    if (!result.known) {
      return {
        content: [
          {
            type: 'text',
            text:
              `**Unknown skill** (${hash})\n\n` +
              'This skill has never been scanned by the Skvil network.\n' +
              'It has no reputation data or certification.\n\n' +
              '**Recommendation:** Do not install without scanning first.',
          },
        ],
      };
    }

    const score = result.reputation_score ?? 0;
    const totalScans = result.total_scans ?? 0;

    const lines: string[] = [
      `**Skill verification: ${hash}**\n`,
      `- **Reputation score:** ${formatScore(score)}`,
      `- **Total community scans:** ${totalScans}`,
      `- **Risk level:** ${result.risk_summary?.last_risk_level ?? 'unknown'}`,
    ];

    if (result.certification) {
      lines.push(`- **Certification:** ${result.certification}`);
    } else {
      lines.push('- **Certification:** none');
    }

    if (result.confirmed_malicious) {
      lines.push(
        '\n**CONFIRMED MALICIOUS** — a Skvil admin has verified this skill is dangerous.',
      );
      lines.push('Do NOT install this skill.');
    }

    if (result.risk_summary) {
      const f = result.risk_summary.findings_by_severity;
      const critical = f.critical ?? 0;
      const high = f.high ?? 0;
      const medium = f.medium ?? 0;
      const low = f.low ?? 0;
      if (critical > 0 || high > 0) {
        lines.push(
          `\n**Findings:** ${critical} critical, ${high} high, ${medium} medium, ${low} low`,
        );
      }
    }

    if (result.crucible) {
      lines.push(`\n**Crucible behavioral analysis:** ${result.crucible.status}`);
      lines.push(`- Behavioral score: ${result.crucible.score}`);
      if (result.crucible.behavioral_findings.length > 0) {
        const descriptions = result.crucible.behavioral_findings
          .map((f) => f.description)
          .join(', ');
        lines.push(`- Findings: ${descriptions}`);
      }
    }

    // Decision recommendation
    lines.push('\n**Recommendation:**');
    if (result.confirmed_malicious) {
      lines.push('Do NOT install. This skill has been confirmed malicious.');
    } else if (result.crucible?.status === 'malicious') {
      lines.push('Do NOT install. Behavioral analysis detected malicious activity.');
    } else if (score >= 80 && result.certification) {
      lines.push(
        `Safe to install. This skill is certified (${result.certification}) ` +
          'with a strong reputation score.',
      );
    } else if (score >= 60) {
      lines.push('Likely safe, but not yet certified. Install with caution.');
    } else if (score < 40) {
      lines.push('Do NOT install. Low reputation score indicates potential risk.');
    } else {
      lines.push('Proceed with caution. Review findings before installing.');
    }

    return { content: [{ type: 'text', text: lines.join('\n') }] };
  } catch (error) {
    return { content: [{ type: 'text', text: formatError('verify', error) }], isError: true };
  }
},
  • src/tools.ts:6-11 (schema)
    Input schema definition for skvil_verify - defines hashSchema using zod to validate the SHA-256 composite hash parameter (must be 'sha256:' followed by 64 hex characters).
    const HASH_PATTERN = /^sha256:[a-f0-9]{64}$/;

const hashSchema = z
  .string()
  .regex(HASH_PATTERN, 'Must be "sha256:" followed by 64 hex characters')
  .describe('SHA-256 composite hash of the skill (e.g. "sha256:4a2f8b...c81e")');
  • src/types.ts:10-33 (schema)
    Type definition for VerifyResponse - defines the structure of the API response including known status, reputation score, total scans, certification, confirmed malicious flag, risk summary with findings by severity, and crucible behavioral analysis results.
    export interface VerifyResponse {
  known: boolean;
  reputation_score?: number;
  total_scans?: number;
  certification?: string | null;
  confirmed_malicious?: boolean;
  risk_summary?: {
    last_score: number;
    last_risk_level: 'safe' | 'caution' | 'danger';
    findings_by_severity: {
      critical?: number;
      high?: number;
      medium?: number;
      low?: number;
    };
  };
  crucible?: {
    status: 'clean' | 'suspicious' | 'malicious';
    score: number;
    certified: boolean;
    behavioral_findings: BehavioralFinding[];
    analyzed_at: string;
  } | null;
}
  • src/api.ts:124-127 (helper)
    API function that makes the actual HTTP GET request to /verify/{hash} endpoint - uses the request helper with retry logic, timeout handling, and proper error handling to fetch verification data from the Skvil server.
    /** Check if a skill is safe by its composite hash. */
export async function verify(hash: string): Promise<VerifyResponse> {
  return request<VerifyResponse>('GET', `/verify/${encodeURIComponent(hash)}`);
}
Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Skvil-IA/skvil-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server