DEV Community: Obot AI

The Client Zoo Problem: Why Enterprise AI Needs Central Skills Management

Obot AI — Thu, 11 Jun 2026 19:53:14 +0000

By Bill Maxwell, Solutions Architect - Obot AI

Your support team built a great "triage a ticket" skill for Claude Code. It took weeks to get right. Meanwhile your sales engineers — working in Cursor — built the same skill from scratch last month. Theirs isn't as good, and neither team knows the other's exists.

This is where a lot of enterprise AI adoption has quietly landed. Multiple AI clients, duplicated workflows, no shared knowledge, no governance. The problem isn't that teams are using different tools — it's that reusable enterprise knowledge keeps getting trapped inside them.

This post breaks down why central skills management is the missing piece, and what it actually looks like to govern and distribute AI skills across an organization.

Originally published on Obot AI

How to Build and Publish a Skill Your Whole Team Can Use

Obot AI — Fri, 05 Jun 2026 13:42:00 +0000

By Craig Jellick, Obot AI

MCP servers get a lot of attention, but skills are where a lot of the day-to-day value lives for teams using AI agents. The problem is that most teams build skills in silos — one developer writes something useful, it lives on their machine, and nobody else benefits from it.

This tutorial walks through how to build a skill, publish it to a centrally managed catalog with Git-based versioning and access controls, and make it installable across any AI client your team uses — Cursor, Claude Desktop, Copilot, and more.

If you've been building with Obot or just exploring what centrally managed AI skills actually look like in practice, this is a good hands-on starting point.

📓 Full tutorial · 🐙 GitHub

Originally published on Obot AI

Who's Managing Your Team's AI Client Sprawl?

Obot AI — Wed, 03 Jun 2026 17:04:37 +0000

Something we keep running into in conversations with engineering and security teams: nobody really knows what AI clients and MCP servers are running on their developers' machines.

It's not negligence — it happened fast. Six months ago it was one or two tools. Now it's Cursor, Claude Desktop, Copilot, Windsurf, and a handful of MCP servers someone installed from a GitHub README. Each with its own config, its own credentials, nobody with a full picture.

We've been thinking hard about this problem at Obot AI and it's part of what drove our latest release. But we're curious where others are at — is fleet-wide visibility into AI clients and MCP servers on your radar yet, or is your team still figuring out more basic AI tooling questions first?

Obot Platform v0.22.0: Centrally Managed Skills, Fleet Scanning & Enterprise Controls

Obot AI — Wed, 03 Jun 2026 15:18:00 +0000

From the Obot AI team

We've been building Obot as an MCP Gateway from the start. v0.22.0 is where we go bigger.

The problem we kept hearing from teams: the "client zoo." Developers spread across Cursor, Claude Desktop, Copilot, Windsurf — each with its own config, its own local MCP servers, its own skill definitions. No standardization. No visibility for admins. Skills getting duplicated and inconsistently authored across every team.

v0.22.0, which shipped last week, tackles that directly with three new capabilities:

→ Centrally managed skills — admins publish a curated catalog; users install to any local AI client with a single command
→ Fleet scanning — obot scan gives you a live inventory of every AI client, MCP server, and skill running across your org
→ Enterprise MCP controls — managed image pull secrets, external secret integration, OAuth inspector, user-defined headers

This is the beginning of a broader vision: a control plane for your entire AI tooling stack, not just MCP.

📓 Full release notes · 🐙 GitHub release

Dangerous MCP OAuth Shortcuts are Ruining Security

Obot AI — Mon, 01 Jun 2026 16:31:52 +0000

By Adrian Goins, Obot AI

757 MCP servers compromised. 36% scored failing grades. Zero earned an A.

Those aren't projections — that's what a recent audit of real-world MCP OAuth implementations found. And the culprit isn't sophisticated attacks. It's shortcuts: client secrets hardcoded in frontend code, redirect URIs left wide open, PKCE skipped because it seemed like overkill.

OAuth is well understood at this point. So why are MCP implementations getting it so consistently wrong? Adrian Goins breaks down the specific patterns that are turning OAuth from a security control into a liability — and what a secure MCP OAuth implementation actually looks like.

Originally published on Obot AI.

Understanding the Model Context Protocol: A Beginner's Guide

Obot AI — Sat, 30 May 2026 14:08:00 +0000

By Stein Ove Helset, Obot AI

MCP (Model Context Protocol) keeps coming up everywhere in AI right now — but a lot of the explainers out there assume you already know what it is.

This guide starts from scratch. What problem did MCP actually solve? Why did AI integrations become such a fragmented mess before it existed? And how does the protocol work under the hood?

If you've been nodding along in conversations about MCP without fully following along — this one's for you.

Originally published on Obot AI

MCP Security Has Gone Mainstream

Obot AI — Fri, 29 May 2026 15:48:13 +0000

By Shannon Williams, President & Co-founder of Obot AI

A few days ago our outside counsel forwarded me a risk explainer on MCP from a major law firm's technology transactions group. It was the third in a series they've been running on MCP — laying out a NIST-based control framework for deploying MCP connectors in regulated enterprises.

That's not a developer audience. That's general counsel, CISOs, and procurement teams.

A year ago, MCP was something you explained to enterprise architects from scratch. Now the questions have shifted from "what is this" to "we already have this in production, our auditors are asking, what's the control framework."

MCP security has gone mainstream — and in this post I break down what that shift actually means and the four operational controls every organization deploying MCP needs to have in place.

Originally published on obot.ai

Hello from us at Obot AI!

Obot AI — Thu, 28 May 2026 15:26:10 +0000

Hey dev.to 👋

We're Obot — an open-source platform built for teams that want to connect AI agents to real tools without the security and governance headaches that come with it.

We started as an MCP Gateway, and #MCP is still at the core of what we do. But we've grown beyond that. Our latest release (v0.22.0, just shipped May 27) gets at a problem we keep hearing from teams: the "client zoo." A single company has users spread across Cursor, Claude, Copilot, and a half-dozen other AI clients — each with its own config model, its own skills directory, its own way of attaching MCP servers. Nobody has visibility into what's actually running on employee machines, and skills get duplicated and inconsistently authored across every team.

v0.22.0 adds centrally managed skills, fleet scanning across AI clients and coding agents, and stronger enterprise controls for MCP. It's the beginning of a broader vision: a control plane for the whole AI tooling stack, not just MCP.

We'll be posting regularly on:

MCP fundamentals (great if you're just getting started)
Building and deploying MCP servers
Security and access control for agentic AI
Managing AI tooling at enterprise scale

We're developers first, sharing practical content — tutorials, explainers, and honest takes.

If you're building with MCP or wrangling AI tooling across a team, follow along. And we'd genuinely love to know: what's the messiest part of managing AI tools across your org right now?

— The Obot team