mcp-safe-run
Verified Safe (by Kanak03-star)
Overview
Securely launches Model Context Protocol (MCP) servers by dynamically resolving and injecting sensitive credentials (secrets) from various sources (environment, files, OS keychain) into the server's environment.
Installation
mcp-safe-run --target-env '{"API_KEY":"env:GH_TOKEN_FOR_MCP"}' npx -y @modelcontextprotocol/server-github
Security Notes
The tool's primary function is to resolve secrets and inject them into a child process's environment. It uses `keytar` for OS keychain integration, which is a sound choice; `env:` placeholders read process environment variables and `file:` placeholders read the named file paths. The main security consideration is the trustworthiness of the configuration inputs (YAML files or the `--target-env` CLI argument). A tampered configuration could use `file:` placeholders to read arbitrary local files into the child's environment, where a malicious or compromised MCP server could exfiltrate them, or could name a malicious `targetCommand` that the tool would then execute. The parsing and resolution logic contains no `eval()` or other direct arbitrary-code-execution paths, so the tool is safe when its configuration inputs are trusted. In practice that means protecting the configuration as carefully as the secrets it references: restrict write access to the YAML files, and be deliberate about which paths `file:` placeholders are allowed to reach.
Similar Servers
mcphub
An orchestration hub that aggregates, manages, and routes Model Context Protocol (MCP) servers and their tools, providing a centralized interface, user management, OAuth 2.0 authorization server capabilities, and AI-powered tool discovery and routing.
toolhive-studio
ToolHive is a desktop application (Electron UI) for discovering, deploying, and managing Model Context Protocol (MCP) servers in isolated containers, and connecting them to AI agents and clients.
ggmcp
A focused MCP server for developers, providing remediation tools for secrets detected in code and honeytoken management capabilities.
mcp-cli
A command-line interface tool for managing Model Context Protocol (MCP) server configuration files across various AI tools.