{"id":"beab033f-966b-40ca-b8e1-57ff316e436c","shortId":"VmUmx6","kind":"skill","title":"plugin-only-agent-surface-gating","tagline":"Skip agent-declared MCP servers when strict plugin-only mode is active unless the agent is admin-trusted, keeping the session secure.","description":"# SKILL: Plugin-Only Agent Surface Gating\n**Domain:** permission-gating\n**Trigger:** Apply this when an agent tries to extend its MCP surface while the session enforces plugin-only MCP access.\n**Source Pattern:** Distilled from reviewed agent trust-boundary and plugin-only surface-gating implementations.\n\n## Core Method\nBefore connecting any agent-specific MCP servers, check whether the session is locked to plugin-only extension mode. If it is, allow the extra MCP connections only for trusted agent definitions such as built-ins or approved plugins. Untrusted or user-controlled agent definitions should continue without creating new clients, while logging the gating decision clearly. This prevents policy bypasses without breaking trusted packaged agents.\n\n## Key Rules\n- Check the plugin-only policy before any MCP initialization begins.\n- Treat approved built-in or packaged agents as trusted, so their declared MCP integrations remain honored.\n- Log a warning when skipping servers so telemetry captures the change in behavior.\n- Always return the parent clients and an empty cleanup callback when gating is active to avoid downstream failures.\n\n## Example Application\nWhen running in a highly regulated environment, reuse this heuristic before initializing agent MCP servers so only pre-approved agents can expand the MCP surface and user scripts cannot sneak new servers in.\n\n## Anti-Patterns (What NOT to do)\n- Don’t let user-specified agents create external MCP connections while plugin-only mode is enabled; that defeats the security setting.\n- Don’t apply the gate uniformly without checking admin trust; built-in agents still need their MCP servers even when plugin-only is true.","tags":["plugin","only","agent","surface","gating","cskill","agents","ychampion","agent-skills","ai-agents","cli","coding-agents"],"capabilities":["skill","source-ychampion","skill-plugin-only-agent-surface-gating","topic-agent-skills","topic-ai-agents","topic-cli","topic-coding-agents","topic-context-engineering","topic-developer-tools","topic-mcp","topic-multi-agent","topic-terminal-ui"],"categories":["cskill-agents"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/ychampion/cskill-agents/plugin-only-agent-surface-gating","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add ychampion/cskill-agents","source_repo":"https://github.com/ychampion/cskill-agents","install_from":"skills.sh"}},"qualityScore":"0.467","qualityRationale":"deterministic score 0.47 from registry signals: · indexed on github topic:agent-skills · 34 github stars · SKILL.md body (1,696 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-04-22T00:56:53.913Z","embedding":null,"createdAt":"2026-04-18T22:20:55.635Z","updatedAt":"2026-04-22T00:56:53.913Z","lastSeenAt":"2026-04-22T00:56:53.913Z","tsv":"'access':63 'activ':20,208 'admin':26,287 'admin-trust':25 'agent':4,9,23,36,48,69,87,114,129,151,172,227,235,262,292 'agent-declar':8 'agent-specif':86 'allow':106 'alway':195 'anti':250 'anti-pattern':249 'appli':44,281 'applic':214 'approv':122,166,234 'avoid':210 'begin':164 'behavior':194 'boundari':72 'break':148 'built':119,168,290 'built-in':118,167,289 'bypass':146 'callback':204 'cannot':244 'captur':190 'chang':192 'check':91,154,286 'cleanup':203 'clear':142 'client':136,199 'connect':84,110,266 'continu':132 'control':128 'core':81 'creat':134,263 'decis':141 'declar':10,177 'defeat':275 'definit':115,130 'distil':66 'domain':39 'downstream':211 'empti':202 'enabl':273 'enforc':58 'environ':221 'even':298 'exampl':213 'expand':237 'extend':51 'extens':101 'extern':264 'extra':108 'failur':212 'gate':6,38,42,79,140,206,283 'heurist':224 'high':219 'honor':181 'implement':80 'in':120 'initi':163,226 'integr':179 'keep':28 'key':152 'let':258 'lock':96 'log':138,182 'mcp':11,53,62,89,109,162,178,228,239,265,296 'method':82 'mode':18,102,271 'need':294 'new':135,246 'packag':150,171 'parent':198 'pattern':65,251 'permiss':41 'permission-g':40 'plugin':2,16,34,60,75,99,123,157,269,301 'plugin-on':15,33,59,74,98,156,268,300 'plugin-only-agent-surface-g':1 'polici':145,159 'pre':233 'pre-approv':232 'prevent':144 'regul':220 'remain':180 'return':196 'reus':222 'review':68 'rule':153 'run':216 'script':243 'secur':31,277 'server':12,90,187,229,247,297 'session':30,57,94 'set':278 'skill':32 'skill-plugin-only-agent-surface-gating' 'skip':7,186 'sneak':245 'sourc':64 'source-ychampion' 'specif':88 'specifi':261 'still':293 'strict':14 'surfac':5,37,54,78,240 'surface-g':77 'telemetri':189 'topic-agent-skills' 'topic-ai-agents' 'topic-cli' 'topic-coding-agents' 'topic-context-engineering' 'topic-developer-tools' 'topic-mcp' 'topic-multi-agent' 'topic-terminal-ui' 'treat':165 'tri':49 'trigger':43 'true':304 'trust':27,71,113,149,174,288 'trust-boundari':70 'uniform':284 'unless':21 'untrust':124 'user':127,242,260 'user-control':126 'user-specifi':259 'warn':184 'whether':92 'without':133,147,285","prices":[{"id":"4c2899fa-7c53-4880-8ca3-7c27bb6d32ea","listingId":"beab033f-966b-40ca-b8e1-57ff316e436c","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"ychampion","category":"cskill-agents","install_from":"skills.sh"},"createdAt":"2026-04-18T22:20:55.635Z"}],"sources":[{"listingId":"beab033f-966b-40ca-b8e1-57ff316e436c","source":"github","sourceId":"ychampion/cskill-agents/plugin-only-agent-surface-gating","sourceUrl":"https://github.com/ychampion/cskill-agents/tree/main/skills/plugin-only-agent-surface-gating","isPrimary":false,"firstSeenAt":"2026-04-18T22:20:55.635Z","lastSeenAt":"2026-04-22T00:56:53.913Z"}],"details":{"listingId":"beab033f-966b-40ca-b8e1-57ff316e436c","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"ychampion","slug":"plugin-only-agent-surface-gating","github":{"repo":"ychampion/cskill-agents","stars":34,"topics":["agent-skills","ai-agents","cli","coding-agents","context-engineering","developer-tools","mcp","multi-agent","terminal-ui"],"license":"mit","html_url":"https://github.com/ychampion/cskill-agents","pushed_at":"2026-04-04T14:13:23Z","description":"Agent skills for coding CLIs, multi-agent runtimes, context engines, MCP extensions, and terminal tooling. Instead of using claude code's source code, give your agent skills to create your own!","skill_md_sha":"67ee4e76bc08a476dba9f5a8bcc06118b8267bf5","skill_md_path":"skills/plugin-only-agent-surface-gating/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/ychampion/cskill-agents/tree/main/skills/plugin-only-agent-surface-gating"},"layout":"multi","source":"github","category":"cskill-agents","frontmatter":{"name":"plugin-only-agent-surface-gating","description":"Skip agent-declared MCP servers when strict plugin-only mode is active unless the agent is admin-trusted, keeping the session secure."},"skills_sh_url":"https://skills.sh/ychampion/cskill-agents/plugin-only-agent-surface-gating"},"updatedAt":"2026-04-22T00:56:53.913Z"}}