raycast-mcp-server
by ExpertVagabond
Overview
Automate Raycast operations, system functions, and integrate various third-party services like GitHub, Notion, and Slack via a Model Context Protocol server.
Installation
node dist/index.jsEnvironment Variables
- RAYCAST_API_KEY
- RAYCAST_TEAM_ID
- GITHUB_TOKEN
- NOTION_TOKEN
- FIGMA_TOKEN
- SLACK_TOKEN
- LINEAR_TOKEN
- JIRA_TOKEN
Security Notes
The server extensively uses `child_process.exec` and `osascript` to interact with macOS and Raycast. Several tool handlers, specifically `raycast_extensions` (for `install` and `publish` actions), `raycast_search`, and `raycast_clipboard` (for `copy` action), embed user-provided string arguments (`extension_id`, `publish_path`, `query`, `text`) directly into shell commands or AppleScript without explicit, robust sanitization. This creates significant vulnerabilities for command injection, potentially allowing a malicious actor or a compromised AI to execute arbitrary commands on the host system. The `executeRaycastCommand` function also exposes direct arbitrary command execution capability.
Similar Servers
5ire
A desktop AI assistant and MCP (Model Context Protocol) client that integrates with various LLMs, supports external tools via MCP servers, and manages a local knowledge base.
XcodeBuildMCP
A Model Context Protocol (MCP) server that provides Xcode-related tools for integrating AI assistants with Apple development workflows.
mesh
Centralized Context Management System (MCP Mesh) for building and managing AI applications, agents, and workflows with integrated governance, observability, and cost control.
ncp
NCP acts as a universal orchestrator for Model Context Protocol (MCP) servers, allowing AI agents to discover, manage, and execute tools from various sources (local, remote, internal, CLI, skills, photons) via a unified interface, while providing intelligent search, security controls, and scheduling capabilities. Its core function is to reduce tool-use hallucination and token consumption for AI.