JFrog

JFrog

JFrog Platform integration with MCP, security skills, supply-chain best practices, and JFrog Agent Guard governance for adding, removing, and listing MCP servers.

Created by JFrogVerified by CursorView Source
Skills3
jfrogInteract with the JFrog Platform via the JFrog CLI, JFrog MCP server and REST/GraphQL APIs. Use this skill when the user wants to manage Artifactory repositories, upload or download artifacts, manage builds, configure permissions, manage users and groups, work with access tokens, configure JFrog CLI servers, search artifacts, manage properties, set up replication, manage JFrog Projects, run security audits or scans, look up CVE details, query exposures scan results from JFrog Advanced Security, manage release bundles and lifecycle operations, aggregate or export platform data, or perform any JFrog Platform administration task. Also use when the user mentions jf, jfrog, artifactory, xray, distribution, evidence, apptrust, onemodel, graphql, workers, mission control, curation, advanced security, exposures, or any JFrog product name. Do NOT use this skill to install, add, remove, list, or manage MCP servers.
jfrog-ai-catalog-skillsDiscover, install, manage, and publish agent skills hosted in the JFrog AI Catalog (Artifactory skills repositories) using the JFrog CLI (`jf skills`) and the JFrog Agent Guard. Lists and searches available skills (catalog-wide or scoped to a project), shows a skill's versions and which repos host it, installs the latest or a pinned version, verifies the install, lists installed skills, updates and removes them, and publishes (uploads) a local skill bundle and releases new versions. Use when the user asks what skills are available or installed, to search/browse the catalog, to install/update/uninstall a skill, to see a skill's versions, or to publish/upload/release a skill to JFrog / Artifactory / the AI Catalog.
jfrog-package-safety-and-downloadCheck JFrog Public Catalog and stored packages for a version, interpret catalog security signals, and download through Artifactory (JFrog Platform locations, remote cache, curation-aware package managers, or repo proxy). Use when the user asks whether a package is safe, allowed, curated, or wants to download npm, Maven, PyPI, Go, or similar packages via JFrog. Do NOT use for pure CVE or vulnerability lookups (e.g. "details on CVE-2021-23337") — those are handled by the jfrog skill's Public security domain queries without this workflow.