74
/ 100
17 days ago
glama

DPS-Superskills-MCP

Exposes 31 high-assurance agentic coding skills as MCP tools and resources, enabling AI agents to invoke structured workflows across DISCIPLINE, TECHNIQUE, KNOWLEDGE LAYER, and REFERENCE registers.

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
🔐
You'll be asked for 6 credentials: GCP_KMS_ACCESS_TOKEN, MCP_API_KEY, MCP_ENCRYPTION_KEY, MCP_IDEMPOTENCY_SECRET, MCP_JWT_SECRET, VAULT_TOKEN
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// known CVEs in dependencies1 medium

Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.

mediumajv@8.17.1GHSA-2g4f-4pwh-qvx6

ajv has ReDoS when using `$data` option

Depend on this server? Get alerted when its CVEs change.Watch this server free →
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
configALLOWED_HOSTS
configALLOWED_ORIGINS
configAWS_KMS_PENDING_WINDOW_DAYS
configAWS_KMS_REGION
configDEK_CACHE_MAX_USES
configDEK_CACHE_TTL_MS
configENABLE_QUOTA
configENABLE_RATE_LIMIT
🔐 secretGCP_KMS_ACCESS_TOKEN
configGCP_KMS_DESTROY_DURATION_HOURS
configGCP_KMS_KEYRING
configGCP_KMS_LOCATION
configGCP_KMS_PROJECT
configHTTP_HOST
configHTTP_PORT
configKMS_PROVIDER
configMCP_ALLOW_BEST_EFFORT_PLUGIN_SANDBOX
configMCP_ALLOW_LEGACY_SHA256_KDF
configMCP_ALLOW_SECRET_WRITE
configMCP_ALLOW_UNLIMITED_HTTP
configMCP_ALLOW_UNSAFE_PLUGIN_AUTO_DISCOVERY
🔐 secretMCP_API_KEY
configMCP_AUTHORIZATION_SERVERS
configMCP_AUTH_MODE
configMCP_ENABLE_SKILL_RESOURCESNote: Resources are fully protected by the same rate-limiting, quota, and Output Firewall pipelines as Tools. Enabled by default; can be disabled via =false.
configMCP_ENABLE_TEST_TOOLS
🔐 secretMCP_ENCRYPTION_KEY
configMCP_EXTERNAL_PLUGIN_FS_POLICY
configMCP_EXTERNAL_PLUGIN_MAX_OLD_SPACE_MB
configMCP_EXTERNAL_PLUGIN_MAX_STDERR_BYTES
configMCP_EXTERNAL_PLUGIN_NETWORK_POLICY
configMCP_EXTERNAL_PLUGIN_NODE_PERMISSION
configMCP_EXTERNAL_PLUGIN_TIMEOUT_MS
configMCP_HTTP_BODY_LIMIT
configMCP_IDEMPOTENCY_ERROR_TTL_SECONDS
configMCP_IDEMPOTENCY_RESULT_TTL_SECONDS
🔐 secretMCP_IDEMPOTENCY_SECRET
configMCP_IDEMPOTENCY_WORKING_TTL_SECONDS
configMCP_JWKS_ALLOWLIST
configMCP_JWKS_URI
configMCP_JWT_AUDIENCE
configMCP_JWT_ISSUER
configMCP_JWT_MAX_AGE_SECONDS
🔐 secretMCP_JWT_SECRET
configMCP_LOCK_ACQUIRE_DEADLINE_MS
configMCP_LOCK_TTL_MS
configMCP_OUTPUT_FIREWALL_PII_MODE
configMCP_PLUGIN_ALLOWLIST"": "system.tool.js,skills.tool.js,knowledge.tool.js",
configMCP_PLUGIN_AUTO_DISCOVERY
configMCP_PLUGIN_ISOLATION_MODE"": "policy",
configMCP_PLUGIN_PIN_MANIFEST
configMCP_PLUGIN_SHA256_ALLOWLIST
configMCP_PROJECT_ID"": "dps-superskills",
configMCP_PROTOCOL_MODE
configMCP_REDIS_MAX_BACKUPS
configMCP_REQUIRE_CRYPTO_ERASURE
configMCP_RESOURCE_URI
configMCP_SAFE_MODEfalse is required for kb_write / kb_update to function. In local stdio mode this is safe — no network exposure, no untrusted plugins.
configMCP_SECRET_ALLOWLIST
configMCP_SKILLS_PATH/custom/path/to/skills
configMCP_TASK_POLL_INTERVAL_MS
configMCP_TELEMETRY_MAX_BACKUPS
configMCP_TELEMETRY_MAX_BYTES
configMCP_TENANT_ID"": "tenant_local"
configMCP_TOOL_LIST_TTL_MS
configMCP_TOOL_TIMEOUT_MS
configMCP_TRUST_IDENTITY_HEADERS
configOTEL_EXPORTER_OTLP_ENDPOINT
configOTEL_SERVICE_NAME
configQUOTA_DAILY_LIMIT
configRATE_LIMIT_MAX_REQUESTS
configRATE_LIMIT_WINDOW_MS
configREDIS_URL
configSTORAGE_DRIVER
configTELEMETRY_DRIVER
configTRANSPORT_DRIVER"": "stdio",
configVAULT_ADDR
🔐 secretVAULT_TOKEN
configVAULT_TRANSIT_MOUNT
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 2 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/eilodon-dps-superskills-mcp-1r60t4)](https://m8ven.ai/mcp/eilodon-dps-superskills-mcp-1r60t4)
commit: c970ced785f06a618da8109e4a87e89813a77aca
code hash: 22b01b572d5d9b99cc9f38df4a603d74f26dfe4c03ca2372d4957ea883cffeb4
verified: 6/24/2026, 9:58:28 AM
view raw JSON →