mcp-safe-run
Verified Safe
by Kanak03-star
Overview
Securely injects secrets from various sources (environment variables, files, OS keychains) into environment variables for launching other applications, particularly Model Context Protocol (MCP) servers.
Installation
mcp-safe-run --target-env '{"API_KEY":"env:GH_TOKEN_FOR_MCP"}' npx -y @modelcontextprotocol/server-github
Security Notes
The project uses `keytar` for OS keychain integration, which is a standard secure practice for credentials. It reads environment variables and local files based on user-provided configuration or CLI input. While this functionality inherently allows access to sensitive data if the configuration or input is compromised, the tool itself does not contain obvious malicious patterns, 'eval' usage for untrusted input, or hardcoded secrets. The `spawn` function is used to execute the target command, which is generally safer than `exec`. The primary security consideration is ensuring the integrity of the configuration files (`.mcp-saferun.yaml` or `.mcp-saferun.yml`) and CLI arguments, as these dictate which secrets are accessed and injected into child processes.
Similar Servers
mcphub
The MCPHub acts as a centralized gateway for managing and orchestrating various Model Context Protocol (MCP) servers and OpenAPI-compatible services. It provides a unified API, OAuth 2.0 authorization, user management, and AI-powered 'smart routing' for dynamic tool discovery and invocation.
toolhive-studio
ToolHive is a desktop application that simplifies the discovery, deployment, and management of Model Context Protocol (MCP) servers in secure containers, and connects them to AI agents and clients.
ggmcp
The GitGuardian Developer MCP Server provides AI agents with tools to detect and remediate secret incidents in code, manage honeytokens for security monitoring, and handle incident management within a developer workflow.
mcp-cli
Manages and deploys Model Context Protocol (MCP) server configurations (local, container, remote) to various AI tools, simplifying their setup and profile switching.