build-mcp-server-sdk-v2

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE (flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides a local shell script to verify that the project is using correct and safe alpha versions of the MCP SDK packages.
      • Evidence: scripts/check-mcp-server-v2-version.sh uses Node.js to parse the local package.json and validate version strings against safe patterns. This is an expected utility for a developer-oriented skill.
  • [EXTERNAL_DOWNLOADS]: The instructions direct the user to install official packages from the @modelcontextprotocol scope and use debugging tools from @anthropic-ai.
      • Evidence: SKILL.md and various guides recommend commands like npm install --save-exact @modelcontextprotocol/server@2.0.0-alpha.2 and npx @anthropic-ai/mcp-inspector. These are official, well-known resources necessary for the skill's purpose.
  • [SAFE]: The skill includes explicit security guidance for developers, such as implementing DNS rebinding protection via hostHeaderValidation and sanitizing file paths and URLs in tool handlers.
      • Evidence: Found in references/guides/authentication.md and references/patterns/production-patterns.md, which provide code examples for sanitizePath and sanitizeUrl to prevent directory traversal and SSRF.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 17, 2026, 10:40 PM
Security Audit — agent-trust-hub — build-mcp-server-sdk-v2