klavis
by Klavis-AI
Overview
Develop and deploy AI agents that interact with a wide array of web services (e.g., Gmail, YouTube, LinkedIn, Supabase, Salesforce, Kubernetes) through a standardized Model Context Protocol (MCP), often orchestrated by an intelligent routing layer like Strata.
Installation
npm run dev
Environment Variables
- KLAVIS_API_KEY
- OPENAI_API_KEY
- AUTH_DATA
- TAVILY_API_KEY
- SUPABASE_URL
- KUBECONFIG_JSON
- TERMINAL_ALLOWED_DIR
- IMAP_SERVER
- SMTP_SERVER
Security Notes
The project includes multiple MCP servers that execute arbitrary system commands (e.g., `kubectl`, `helm`, general shell commands via `local/terminal`) or direct SQL queries (`supabase_execute_sql`) based on user or LLM input. While some attempts at input validation and sandboxing are present (`local/terminal`'s `SecurityConfig`), these mechanisms are inherently difficult to secure completely against sophisticated injection attacks. This poses significant shell and SQL injection risks if not deployed in highly controlled and sandboxed environments. Access tokens and API keys are generally handled via environment variables or `x-auth-data` headers, which is good practice, but the privilege escalation potential of the command execution tools remains a critical concern. Exposed HTTP/SSE endpoints for local servers also present a network risk if not properly firewalled.
Similar Servers
mesh
An open-source control plane for Model Context Protocol (MCP) traffic, providing unified authentication, routing, observability, and tool management for AI agents and integrations across various services.
metorial-platform
An open source integration platform for agentic AI, connecting AI models to external APIs, data sources, and tools.
ironmanus-mcp
Orchestrates AI workflows with an 8-phase control flow and specialized tools, serving as a Model Context Protocol (MCP) server.
mcp-servers
An MCP server for managing files in Google Cloud Storage, supporting CRUD operations (save, get, search, delete) and exposing files as resources.