About mpak

The Problem

MCP servers have privileged access to AI agent execution environments. They can read files, execute code, call APIs, and access databases. Yet today, installing an MCP server means downloading unvetted code from scattered sources with no security scanning, no trust signals, and no standardized packaging.

General-purpose registries like npm and PyPI were not designed for this threat model. They don't scan for MCP-specific risks, don't surface trust scores, and don't provide the governance controls that enterprises need.

The MCP ecosystem needs a purpose-built registry with security at its core.

Two Package Types

Bundles

Pre-built MCP servers that give your AI new capabilities.

  • • Database access, API integrations, file operations
  • • Cross-platform: macOS, Linux, Windows
  • .mcpb format by Anthropic

Skills

Instructions that teach your AI new behaviors and expertise.

  • • Code review patterns, writing styles, domain knowledge
  • • Universal: works across AI platforms
  • .skill format per Agent Skills spec

mpak: The Secure Package Registry

mpak is the central registry and CLI for AI packages. Discover, install, and manage bundles and skills with simple commands.

For Users

  • Search bundles and skills in one place
  • One command to install
  • Automatic platform detection
  • Version management

For Publishers

  • Central registry for distribution
  • GitHub Actions for CI/CD
  • Provenance and verification
  • Download analytics

Built by NimbleBrain

mpak is built and maintained by NimbleBrain, a company focused on making AI tools more accessible and easier to deploy.

Ready to get started?

Install the CLI and start discovering packages for your AI.

Browse BundlesBrowse SkillsPublish a package