Stats
Actions
Tags
How this skill is triggered — by the user, by Claude, or both
Slash command
/core:mcp [recommend | add <server> | debug | explain][recommend | add <server> | debug | explain]The summary Claude sees in its skill listing — used to decide when to auto-load this skill
An **MCP server** is an external process or endpoint that exposes tools, resources, and prompts to Claude over the Model Context Protocol. Claude connects to it over one of three transports (stdio, SSE, HTTP) and gains capabilities the built-in tools don't have: query a live database, drive a browser, read Sentry issues, search the web, persist memory across sessions.
An MCP server is an external process or endpoint that exposes tools, resources, and prompts to Claude over the Model Context Protocol. Claude connects to it over one of three transports (stdio, SSE, HTTP) and gains capabilities the built-in tools don't have: query a live database, drive a browser, read Sentry issues, search the web, persist memory across sessions.
This skill covers MCP at the project / repo level:
.mcp.json (checked into git, shared with the team)claude mcp add ... (CLI registration)~/.claude.json (your personal servers, all projects)For MCP bundled and distributed inside a plugin (.mcp.json at the plugin root, the mcpServers field in plugin.json), route to skills/plugin/SKILL.md (core:plugin).
Never read .env, .env.*, secrets/, *.pem, *.key, or *.cert (inherits the repo AGENTS.md protected-files rule).
Never inline an API key or token into .mcp.json or any config you write. Always reference an environment variable instead:
{ "env": { "SUPABASE_ACCESS_TOKEN": "${SUPABASE_ACCESS_TOKEN}" } }
For HTTP/SSE servers, put the secret in a header that resolves from the environment ("Authorization": "Bearer ${API_TOKEN}"). If a server genuinely needs a secret, tell the user which env var to export — do not ask them to paste the value to you.
If invoked as /mcp <action>, treat $ARGUMENTS as the action: recommend, add <server>, debug, or explain.
recommend / "which MCP server" / "what would help here" → Recommend flowadd <server> / "configure MCP" / "connect …" → Add flowdebug / "MCP won't connect" / "server not starting" → Debug flowexplain / "how does MCP work" / empty → Explain flow — do not write filesMap real repo signals to servers — never recommend a server for a service the repo doesn't use.
Delegate the repo signal scan to explore:explore (explore:explore) rather than reading source files directly from this flow. Ask it to surface: dependency manifests (package.json, pyproject.toml, go.mod, …), framework/ORM usage, database drivers, the git remote host, IaC and container files (docker-compose.yml, K8s manifests, Terraform), and monitoring SDKs. To discover canonical mappings for other intents, invoke core:skills-suggest.
Match the returned signals against reference/mcp-server-catalog.md. The "Detection patterns" table there is the fast path (signal → server).
Propose 1–2 servers per genuine need, each with a one-line why tied to the signal you found. Skip anything speculative. Then offer to wire up the chosen ones via the Add flow.
Surface this with AskUserQuestion before writing anything:
| Scope | Where | Best for |
|---|---|---|
| Project (recommended) | .mcp.json at repo root, checked into git | Teams — everyone gets the same servers |
| Local | claude mcp add --scope local … (stored per-project, not shared) | Personal/experimental servers in one repo |
| User | ~/.claude.json (or claude mcp add --scope user …) | Your own servers across all projects |
Default to project unless the server is personal or holds machine-specific paths. See reference/transports-and-scopes.md.
stdio (local command, the common case), SSE (remote streaming endpoint), or HTTP (remote request/response). The catalog entry tells you which one a given server uses.
Either a .mcp.json entry or the equivalent claude mcp add command — match the chosen scope. Reference secrets via env vars only (see the Secrets Safety block above).
{
"mcpServers": {
"supabase": {
"command": "npx",
"args": ["-y", "@supabase/mcp-server-supabase@latest"],
"env": { "SUPABASE_ACCESS_TOKEN": "${SUPABASE_ACCESS_TOKEN}" }
}
}
}
If .mcp.json already has an mcpServers block, add the new server as a sibling key — don't replace the whole object.
New .mcp.json servers prompt for trust on next session start. After registering, the user restarts Claude (or runs /mcp to inspect connected servers).
claude --mcp-debug surfaces the server's stdout/stderr and the connection handshake.stdio for a remote HTTP endpoint, or vice versa).${API_TOKEN} resolved empty.command not on PATH, or the npm package name is wrong.command + args by hand in a terminal to see the real error./mcp inside the session to confirm what actually loaded.If the user just wants to understand MCP, answer conceptually and write nothing:
| Question | Where |
|---|---|
| What is MCP? What does a server give Claude? | This file's intro + reference/mcp-server-catalog.md |
| stdio vs SSE vs HTTP? Which scope? | reference/transports-and-scopes.md |
| Project vs plugin-bundled MCP? | This file's intro — plugin-bundled MCP routes to core:plugin |
| How do I debug a server? | reference/transports-and-scopes.md |
.mcp.json leaks it to git. Reference ${VAR} and tell the user which var to export..mcp.json is a team contract. Checking it in gives the whole team identical servers — that's the point. Use local/user scope for anything personal or machine-specific..mcp.json / ~/.claude.json. Plugin-bundled MCP ships inside a plugin and is owned by core:plugin.claude --mcp-debugGuides creation, editing, and verification of skills for AI coding agents using test-driven development with subagent scenarios. Use when authoring or debugging skills.
npx claudepluginhub shoto290/shoto --plugin core