Guide

Installing Claude Code skills & MCPs safely

Skills and MCP servers extend what Claude Code can do — but they run with your access. Here is how they work, the real risks, and what to check before you install anything from our skills or MCP directories.

Why this matters

A skill is a set of instructions Claude reads and follows. An MCP server is a small program that runs on your machine or a server you control. Both can be powerful — and both run with the same access you have: your files, your shell, your API keys.

That means a poorly-written or malicious skill or server could read sensitive files, run commands, or leak credentials. This is normal supply-chain risk, the same kind you manage when adding an npm package or a browser extension. It is very manageable — you just have to be deliberate about what you trust.

Ryzo curates the directories as a convenience. We do not author, endorse, or audit the third-party repositories listed there. Treat every entry as code from a stranger until you have checked it.

Before you install — a 5-point checklist

Run through these for any third-party skill or MCP server.

  1. 1

    Prefer official and well-known sources

    Anthropic's own repositories and widely-adopted, actively-maintained projects carry far less risk than an unknown repo with a handful of stars. Popularity is not proof, but obscurity is a flag.

  2. 2

    Read the SKILL.md / server code before installing

    A skill is just instructions Claude will follow; an MCP server is a program that runs on your machine. Open the source and skim what it actually does — especially anything that reads files, makes network calls, or touches credentials.

  3. 3

    Check what access it asks for

    MCP servers often need API keys or tokens. Give them the narrowest scope that works, store secrets in a manager (not plaintext), and never paste a token into a server you have not vetted.

  4. 4

    Pin to a specific version or commit

    A repo you trusted yesterday can change tomorrow. Where the tooling allows, pin to a release or commit you have reviewed rather than tracking the latest automatically.

  5. 5

    Watch for prompt injection

    Skills and the data MCP servers return can contain hidden instructions aimed at Claude. Treat third-party content as untrusted input, and be cautious about skills that ask Claude to run shell commands or exfiltrate data.

Installing skills & plugins

Most skill repositories are distributed as Claude Code plugins via a marketplace. In Claude Code you add the marketplace, then install the plugin you want — only after reviewing its source:

/plugin marketplace add owner/repo
/plugin install plugin-name@marketplace

Installing MCP servers

MCP servers are added with the Claude Code CLI (or in your client's config). Each server in our directory shows its own command; the general shape is:

claude mcp add name -- command-to-run-the-server

Command syntax changes as Claude Code evolves — always confirm the exact, current commands in the official Claude Code documentation.

← Skills directoryMCP directory →