npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

mcp-services

v2.3.5

Published

Multi-tool MCP server + REST API for AI agents. 29 tools: web scraping, SEO toolkit, agent memory, screenshot, PDF, PDF-to-DOCX, WHOIS, DNS, SSL, OCR, HTML-to-Markdown, multi-chain blockchain data, and security toolkit (URL scanning, wallet check, contrac

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

san-clementesan-clemente

Keywords

mcpmodel-context-protocolai-agentsweb-scrapingseoserpkeyword-researchagent-memoryscreenshotpdfwhoisdnssslblockchainocrhtml2mdx402micropaymentsethereumcelobasesecurityphishingthreat-intelligenceurl-scannerwallet-checkcontract-auditheader-auditvirustotalabuseipdb

Readme

MCP Services

Multi-tool MCP server + REST API for AI agents. 29 tools across web scraping, SEO analysis, agent memory, screenshot/PDF generation, domain intelligence, content extraction, multi-chain EVM blockchain queries, and security toolkit.

Live: mcp.skills.ws | Docs: llms.txt | npm: npm install -g mcp-services

Quick Start

Use the hosted version (no setup)

Add to your MCP client config (Claude Desktop, Cursor, OpenClaw, etc.):

{
  "mcpServers": {
    "mcp-services": {
      "url": "https://mcp.skills.ws/mcp/sse"
    }
  }
}

Free tier: 10 calls/day, no auth needed.

Self-host

npm install -g mcp-services
mcp-services
# -> running on http://localhost:3100

Tools (29)

Web Scraping

| Tool | Endpoint | Description | |------|----------|-------------| | scrape | GET /api/scrape | URL to clean Markdown with headings, lists, links, code blocks, tables | | crawl | GET /api/crawl | Crawl a site from starting URL, follow internal links (depth 1-3, max 20 pages) | | extract | GET /api/extract | Extract structured data: JSON-LD, Open Graph, meta tags, headings, links, images, tables |

SEO Toolkit

| Tool | Endpoint | Description | |------|----------|-------------| | serp | GET /api/serp | Google SERP scraping -- top 20 results, People Also Ask, featured snippets, related searches | | onpage_seo | GET /api/onpage-seo | Full on-page SEO audit with score (0-100) -- title, meta, headings, images, schema, Open Graph | | keywords_suggest | GET /api/keywords | Google Autocomplete keyword suggestions with A-Z expansion (100+ ideas) |

Agent Memory

| Tool | Endpoint | Description | |------|----------|-------------| | memory_store | POST /api/memory | Store a memory (key-value, namespace-scoped, with tags). Upserts on key conflict | | memory_get | GET /api/memory | Retrieve a memory by namespace + key | | memory_search | GET /api/memory/search | Full-text search across memories in a namespace | | memory_list | GET /api/memory/list | List all memories in a namespace with pagination | | memory_delete | DELETE /api/memory | Delete a memory by namespace + key |

Screenshot & PDF

| Tool | Endpoint | Description | |------|----------|-------------| | screenshot | GET /api/screenshot | PNG/JPEG screenshot of any URL | | pdf | GET /api/pdf | Generate PDF of any URL | | pdf2docx | GET /api/pdf2docx | Convert PDF (from URL) to Word/DOCX -- text extraction with heading detection |

Content Extraction

| Tool | Endpoint | Description | |------|----------|-------------| | html2md | GET /api/html2md | Fetch URL, strip nav/ads/scripts, convert to Markdown | | ocr | GET /api/ocr | Extract text from image URL via Tesseract.js OCR |

Domain Intelligence

| Tool | Endpoint | Description | |------|----------|-------------| | whois | GET /api/whois | WHOIS registrar, creation date, expiry, name servers | | dns | GET /api/dns | DNS records -- A, AAAA, MX, NS, TXT, CNAME, SOA, or ALL | | ssl | GET /api/ssl | SSL certificate issuer, validity dates, expiry countdown, fingerprint |

Blockchain (6 EVM chains)

| Tool | Endpoint | Description | |------|----------|-------------| | balance | GET /api/chain/balance | Native token balance for any address | | erc20_balance | GET /api/chain/erc20 | ERC20 token balance, symbol, decimals | | transaction | GET /api/chain/tx | Transaction details -- from, to, value, gas, status |

Supported chains: Ethereum, Base, Arbitrum, Optimism, Polygon, Celo

Security Toolkit

| Tool | Endpoint | Description | |------|----------|-------------| | url_scan | GET /api/security/url-scan | Phishing & malware detection -- VirusTotal + heuristics (typosquatting, homoglyphs, suspicious TLDs, free hosting) | | wallet_check | GET /api/security/wallet-check | Ethereum wallet risk assessment -- Etherscan verification, tx patterns, OFAC sanctions, address poisoning warnings | | contract_scan | GET /api/security/contract-scan | Smart contract honeypot & risk detection -- Honeypot.is + source code analysis (mint, blacklist, fee manipulation, proxy) | | email_headers | GET /api/security/email-headers | Email authentication check -- SPF, DKIM, DMARC, MX records via DNS | | threat_intel | GET /api/security/threat-intel | IOC lookup -- AbuseIPDB + VirusTotal + OTX AlienVault with weighted confidence scoring for IPs, domains, URLs, hashes | | header_audit | GET /api/security/header-audit | Security header score (0-100) -- HSTS, CSP, X-Content-Type-Options, X-Frame-Options, Referrer-Policy, Permissions-Policy, cookie flags | | vuln_headers | GET /api/security/vuln-headers | Information leakage detection -- Server version, X-Powered-By, debug headers, CORS misconfiguration |

Security tools degrade gracefully without API keys (heuristics-only mode). Optional keys: VT_API_KEY, ABUSEIPDB_API_KEY, ETHERSCAN_API_KEY.

Authentication

Three tiers -- use whichever fits:

| Tier | How | Limit | Cost | |------|-----|-------|------| | Free | No auth needed | 10 calls/day per IP | $0 | | API Key | X-Api-Key header or ?apikey= query param | Unlimited | $9/mo | | x402 | X-Payment header | Pay per call | $0.005/call |

API Key

Subscribe via Stripe to get an unlimited API key:

# 1. Create checkout session
curl -X POST https://mcp.skills.ws/billing/checkout
# Returns: { "url": "https://checkout.stripe.com/..." }

# 2. Complete payment at the Stripe URL
# 3. You'll receive your API key on the success page (shown once only -- save it)

# 4. Use it
curl -H "X-Api-Key: mcp_your_key" "https://mcp.skills.ws/api/whois?domain=example.com"

x402 Pay-per-call

No account needed. Pay with USDC or USDT on Base or Celo. x402-compatible agents handle payment automatically.

curl -H "X-Payment: <base64-encoded-json>" "https://mcp.skills.ws/api/screenshot?url=https://example.com"

REST API

All tools are also available as REST endpoints:

# Web Scraping
curl "https://mcp.skills.ws/api/scrape?url=https://example.com"
curl "https://mcp.skills.ws/api/crawl?url=https://example.com&depth=2&maxPages=10"
curl "https://mcp.skills.ws/api/extract?url=https://example.com"

# SEO
curl "https://mcp.skills.ws/api/serp?keyword=mcp+server"
curl "https://mcp.skills.ws/api/onpage-seo?url=https://example.com"
curl "https://mcp.skills.ws/api/keywords?keyword=ai+agents"

# Memory
curl -X POST "https://mcp.skills.ws/api/memory" \
  -H "Content-Type: application/json" \
  -d '{"namespace":"my-agent","key":"greeting","value":"Hello world","tags":["demo"]}'
curl "https://mcp.skills.ws/api/memory?namespace=my-agent&key=greeting"
curl "https://mcp.skills.ws/api/memory/search?namespace=my-agent&query=hello"

# Domain Intelligence
curl "https://mcp.skills.ws/api/whois?domain=example.com"
curl "https://mcp.skills.ws/api/dns?domain=example.com&type=ALL"
curl "https://mcp.skills.ws/api/ssl?domain=example.com"

# Content
curl "https://mcp.skills.ws/api/screenshot?url=https://example.com&format=png"
curl "https://mcp.skills.ws/api/pdf?url=https://example.com"
curl "https://mcp.skills.ws/api/pdf2docx?url=https://example.com/document.pdf"

# Blockchain
curl "https://mcp.skills.ws/api/chain/balance?address=0x...&chain=ethereum"
curl "https://mcp.skills.ws/api/chain/erc20?address=0x...&token=0x...&chain=celo"

# Security
curl "https://mcp.skills.ws/api/security/url-scan?url=https://suspicious-site.com"
curl "https://mcp.skills.ws/api/security/wallet-check?address=0x...&chain=ethereum"
curl "https://mcp.skills.ws/api/security/contract-scan?address=0x...&chainId=1"
curl "https://mcp.skills.ws/api/security/email-headers?domain=example.com"
curl "https://mcp.skills.ws/api/security/threat-intel?ioc=8.8.8.8&type=ip"
curl "https://mcp.skills.ws/api/security/header-audit?url=https://example.com"
curl "https://mcp.skills.ws/api/security/vuln-headers?url=https://example.com"

Environment Variables

| Variable | Default | Description | |----------|---------|-------------| | PORT | 3100 | Server port | | CHROMIUM_PATH | /usr/bin/chromium-browser | Path to Chromium | | MAX_BROWSERS | 3 | Max concurrent browser instances | | MAX_SSE_SESSIONS | 50 | Max MCP SSE sessions | | FREE_DAILY_LIMIT | 10 | Free tier daily limit | | API_KEYS | -- | Comma-separated valid API keys | | ADMIN_SECRET | -- | Secret for admin endpoints | | STRIPE_SK | -- | Stripe API key for Pro subscriptions | | STRIPE_WEBHOOK_SECRET | -- | Stripe webhook signing secret | | X402_PRICE_USD | 0.005 | x402 price per call | | X402_RECEIVER | -- | x402 payment receiver address | | MEMORY_DB_PATH | ./data/memory.db | SQLite memory database path | | VT_API_KEY | -- | VirusTotal API key (free: 4/min, 500/day) | | ABUSEIPDB_API_KEY | -- | AbuseIPDB API key (free: 1000/day) | | ETHERSCAN_API_KEY | -- | Etherscan API key (free: 5/sec) |

Security

  • SSRF protection: URL validation + DNS pre-resolution + private IP blocking + Puppeteer request interception
  • Domain validation: regex allowlist prevents command injection
  • Input sanitization: format validation per IOC type, address format checks, chain allowlists
  • Memory namespace isolation per auth tier (API key hash, IP, or x402)
  • Rate limiting on free tier
  • Resource limits: max concurrent browsers, SSE sessions, PDF size cap, 5MB response body limit
  • Response size limits on external API fetches

Architecture

                  +------------------------------------+
                  |          Express Server             |
                  |                                     |
                  |  +---------+    +--------------+    |
  MCP SSE ------->  | MCP SDK |    |  Auth Layer   |   |
                  |  |  (SSE)  |    | free/key/x402 |   |
                  |  +---------+    +--------------+    |
                  |                                     |
  REST API ------>  +--------------------------------+  |
                  |  |        29 Tool Handlers        |  |
                  |  | scrape | crawl | extract       |  |
                  |  | serp | onpage_seo | keywords   |  |
                  |  | memory (5) | screenshot | pdf  |  |
                  |  | html2md | ocr | whois | dns    |  |
                  |  | ssl | balance | erc20 | tx     |  |
                  |  | url_scan | wallet_check        |  |
                  |  | contract_scan | email_headers   |  |
                  |  | threat_intel | header_audit     |  |
                  |  | vuln_headers                    |  |
                  |  +--------------------------------+  |
                  |        |              |              |
                  |  +-----+----+  +-----+----------+   |
                  |  | Puppeteer|  | viem (6 RPCs)   |   |
                  |  | Chromium |  | whois-json      |   |
                  |  |          |  | dns/promises    |   |
                  |  |          |  | security.js     |   |
                  |  +----------+  +-----------------+   |
                  |                                     |
  Stripe -------->  +--------------------------------+  |
  Webhooks        |  |   Billing (stripe.js)          |  |
                  |  |   checkout -> key provisioning  |  |
                  |  +--------------------------------+  |
                  +------------------------------------+

Stack

  • Runtime: Node.js 22 + Express
  • Browser: Puppeteer (Chromium) -- screenshots, PDF, OCR, html2md
  • Blockchain: viem -- 6 EVM chains via public RPCs
  • Security: VirusTotal, AbuseIPDB, Etherscan, Honeypot.is, OTX AlienVault + heuristics
  • Payments: Stripe (subscriptions), x402 protocol (stablecoins on Base/Celo)
  • MCP: @modelcontextprotocol/sdk with SSE transport
  • Hosting: Aleph Cloud (decentralized compute)

License

MIT -- Commit Media SARL