// Creates spec.yaml configurations for packaging MCP servers as containers. Use when adding a new MCP server to Dockyard, creating a spec.yaml file, or packaging npm/PyPI/Go MCP servers.
Scans MCP servers in the Dockyard repository for security issues using Cisco AI Defense mcp-scanner. Evaluates findings, identifies false positives, and updates security allowlists in spec.yaml files.
Reviews pull requests for MCP server updates in the Dockyard repository. Use when reviewing PRs that update MCP server versions (spec.yaml changes), add new MCP servers, or modify security allowlists. Evaluates against ToolHive registry criteria including security, provenance, and quality.
| name | package-mcp-server |
| description | Creates spec.yaml configurations for packaging MCP servers as containers. Use when adding a new MCP server to Dockyard, creating a spec.yaml file, or packaging npm/PyPI/Go MCP servers. |
This skill helps you package MCP servers for distribution via Dockyard containers.
Use this skill when:
Ask the user for:
@upstash/context7-mcp, mcp-clickhouse)If not provided, look up the package:
# For npm packages
npm view {package-name} version
npm view {package-name} repository.url
# For PyPI packages
curl -s https://pypi.org/pypi/{package-name}/json | jq -r '.info.version, .info.project_urls.Homepage'
| Package Type | Directory | Registry |
|---|---|---|
| Node.js/npm | npx/ | npm |
| Python/PyPI | uvx/ | PyPI |
| Go module | go/ | Go modules |
mkdir -p {protocol}/{server-name}
The server name should be:
@upstash/context7-mcp becomes context7Write the configuration file to {protocol}/{server-name}/spec.yaml:
# {Server Name} MCP Server Configuration
# Package: {package-registry-url}
# Repository: {source-repository-url}
# Will build as: ghcr.io/stacklok/dockyard/{protocol}/{name}:{version}
metadata:
name: {server-name}
description: "{brief-description}"
version: "{version}"
protocol: {npx|uvx|go}
spec:
package: "{full-package-name}"
version: "{exact-version}"
# args: # Optional: CLI arguments
# - "start" # Some packages need specific commands
provenance:
repository_uri: "{github-repo-url}"
repository_ref: "refs/tags/v{version}"
# Optional: Document attestations if available
# attestations:
# available: true
# verified: true
# publisher:
# kind: "GitHub"
# repository: "{owner/repo}"
# Build the dockhand CLI tool
task build-setup
Check if the package has provenance attestations:
# Check provenance
./build/dockhand verify-provenance -c {protocol}/{server-name}/spec.yaml -v
If provenance exists, update the spec.yaml with attestation information.
# Setup scanner (first time only)
task scan-setup
# Validate spec and generate Dockerfile
task build -- {protocol}/{server-name}
# Run security scan
task scan -- {protocol}/{server-name}
# Optional: Full build test
task test-build -- {protocol}/{server-name}
git add {protocol}/{server-name}/spec.yaml
git commit -m "feat: add {server-name} MCP server
Add packaging for {server-name} v{version}.
Package: {package-url}
Repository: {repo-url}"
@org/package-nameargs: ["start"])github.com/org/repov prefix: v0.3.1| Issue | Solution |
|---|---|
| Package not found | Verify exact name in registry |
| Version doesn't exist | Check available versions with npm view or PyPI API |
| Security scan fails | Review issues, add allowlist if false positive |
| Build fails | Check Dockerfile output with dockhand build -c spec.yaml |