MCP vs Skills vs Safebox

General
1

Most skills require you to install a dedicated CLI. But what if you aren’t in a local terminal? ChatGPT can’t run CLIs. Neither can Perplexity or the standard web version of Claude. Unless you are using a full-blown compute environment (like Perplexity Computer, Claude Cowork, Claude Code, or Codex), any skill that relies on a CLI is dead on arrival.

This leads to a cascade of annoying UX and architectural problems:

  • The Deployment Mess: CLIs need to be published, managed, and installed through binaries, NPM, uv, etc.
  • The Secret Management Nightmare: Where do you put the API tokens required to authenticate? If you’re lucky, the environment has a .env file you can dump plain-text secrets into. Some ephemeral environments wipe themselves, meaning your CLI works today but forgets your secrets tomorrow.
  • Fragmented Ecosystems: Skill management is currently the wild west. When a skill updates, you have to reinstall it. Some tools support installing skills via npx skills, but that only works in Codex and Claude Code, not Claude Cowork or standard Claude. Pure knowledge skills work in Claude, but most others don’t. Some tools support a “skills marketplace,” others don’t. Some can install from GitHub, others can’t. You try to install an OpenClaw skill into Claude and it explodes with YAML parsing errors because the metadata fields don’t match.
  • Context Bloat: Using a skill often requires loading the entire SKILL.md into the LLM’s context window, rather than just exposing the single tool signature it needs. It’s like forcing someone to read the entire car’s owner’s manual when all they want to do is call car.turn_on().

A lot of skills I see require some “global” api key to work, which renders it almost impractical in enterprise setups for non-developers, environments where there is no way you can provide those. You can’t even provide “envs” with secrets in Chatgpt/Claude.ai regular web interfaces if you use a skill there. Some tools work around this limitation by wrapping their own CLI tool, which in turn handles authentication, ideally via OAuth. This works for local dev tooling, but again, not for skills being used through web interfaces. with MCP connection, this works out of the box, as long as the MCP provider supports this.

from https://medium.com/@alonisser/mcp-is-dead-or-mcp-vs-skills-revisited-daaa51b9a519

Compare Safebox: