Why aren't Claw skills just MCP server install instructions? (nickdirienzo.com)

A developer has introduced NonnaClaw, an experimental fork of NanoClaw, that aims to enhance security in AI skill management by using MCP (Modular Capability Protocol) servers as a boundary for capabilities. This innovation addresses key concerns in AI skill execution, particularly the non-deterministic nature of skills that rewrite source code at runtime, which can pose significant security risks due to lack of versioning and typed interfaces. NonnaClaw separates capabilities, configuration, and workflows into distinct layers, allowing users to provide and manage capabilities in a more secure and predictable manner using typed, versioned MCP servers. The significance of NonnaClaw for the AI/ML community lies in its potential to transform how AI skills are structured and executed, mitigating vulnerabilities associated with traditional plug-in architectures. By adopting a model similar to established software package management systems, NonnaClaw allows skills to be packaged in a way that can be scanned for vulnerabilities, promoting better security practices. This shift not only enhances the developer experience by providing a more robust framework for building and deploying AI skills but also addresses critical issues of trust and accountability, making it a promising development in the evolution of AI systems.