npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

building-website-mcps

v1.0.0

Published

Evidence-gated Codex and Claude Code skill for turning authorized websites into MCP servers.

Readme

Build an MCP from a website

building-website-mcps helps an agent turn a website, web app, public API, or local CLI into an MCP server. Give it a service you are allowed to use, and it works through the boring but important parts: how to authenticate, which routes and actions exist, what is safe to expose, and which actions still need a human in the loop.

It does not treat a scraped endpoint as ready for production. The skill maps what it finds, tests it, and only exposes an action after there is real proof it works.

Install

Install it for Codex:

npx building-website-mcps install --target codex

Or install it for Claude Code:

npx building-website-mcps install --target claude

The installer puts the skill in your personal skills folder:

| Tool | Location | Use it as | | --- | --- | --- | | Codex | ~/.codex/skills/building-website-mcps | $building-website-mcps | | Claude Code | ~/.claude/skills/building-website-mcps | /building-website-mcps |

It will not replace an existing install unless you add --force. To use a different directory, add --dest <skills-directory>.

Claude Code uses the same standard SKILL.md layout for personal skills. See the Claude Code skills docs for its skill discovery rules.

What to ask for

Try one of these:

Use $building-website-mcps to build a safe MCP for this authorized service.

Map this public API, then give me a small MCP for the actions that are actually proven.

Turn this local CLI into an MCP. Do not use a shell or make up commands.

The skill keeps a record of its work, so a later agent can pick up where the last one stopped instead of starting over.

What you get

For an authorized target, the skill can produce:

  • An auth plan that keeps credentials out of saved artifacts.
  • An OpenAPI map for HTTP routes and an action graph for UI and CLI work.
  • A compact MCP with tools for finding, understanding, planning, and running supported actions.
  • A companion skill that explains setup and safe use to the next agent.
  • Tests for normal use, error cases, full workflows, and response size and speed.

It keeps UI-only actions separate from stable HTTP or CLI operations. It also asks for confirmation before writes and keeps actions hidden until they pass fresh contract or end-to-end tests.

What it has been tested against

The repository includes three runnable local apps:

| Example | Covers | | --- | --- | | Public catalog | Anonymous reads and document downloads | | Session admin | Session recovery, CRUD, batch work, imports, exports, and confirmed writes | | Hybrid CLI | HTTP calls alongside typed local CLI commands |

These are real local HTTP and CLI processes. They are not mocked network calls.

Run the checks yourself

You only need Python 3.10 or newer:

WEBSITE_MCP_APPROVAL_KEY=local-fixture-key \
  PYTHONPATH=building-website-mcps/tests \
  python3 building-website-mcps/scripts/run_fixture_matrix.py \
  --output /tmp/website-mcp-matrix.json

python3 building-website-mcps/scripts/benchmark_mcp.py \
  --matrix /tmp/website-mcp-matrix.json \
  --output /tmp/website-mcp-benchmark.json --iterations 5

PYTHONDONTWRITEBYTECODE=1 python3 -m unittest discover \
  -s building-website-mcps/tests -p 'test_*.py' -q

There is also a cold-agent trace in building-website-mcps/evals/traces/. It comes from a real collaboration-agent run, but it is not independent external agent evidence and its timing and response-size fields were not instrumented.

Safety

Use this with public surfaces or accounts and data you are allowed to access. It does not bypass logins, CAPTCHAs, rate limits, or anti-bot protections. Saved artifacts use secret references instead of raw passwords, cookies, or tokens.

For the full build contract, see building-website-mcps/SKILL.md.