MCP-Scooter
by afaraha8403
Overview
MCP Scout acts as a local-first management and gateway system for AI tools, designed to reduce context bloat and simplify configuration for AI agents interacting via the Model Context Protocol.
Installation
make devEnvironment Variables
- GITHUB_TOKEN
- BRAVE_API_KEY
- YOUR_API_KEY
- CLIENT_ID_ENV
- CLIENT_SECRET_ENV
- TOKEN_ENV
- REFRESH_TOKEN_ENV
Security Notes
The project uses good practices for local network binding and credential storage (OS Keychain). However, a critical security vulnerability exists in its tool runtime configuration. The `runtime` definitions for tools (e.g., in `github.json`, `brave-search.json`) specify `"command": "npx", "args": ["-y", "@scope/package-name"]`. The `npx -y` command automatically installs and executes arbitrary npm packages without explicit user confirmation. This creates a severe supply chain risk where a malicious MCP tool definition, whether from a compromised 'community' registry or a locally injected definition, could lead to arbitrary code execution on the user's machine. While the `scooter_code_interpreter` uses a sandboxed JavaScript engine (`goja`), the `npx -y` mechanism bypasses this sandbox for external tool execution. Additionally, the `kill_process` Tauri command, while for a legitimate purpose (port conflict resolution), grants the UI the ability to terminate arbitrary processes by PID, which is a high-privilege action.
Similar Servers
5ire
A desktop AI assistant client that integrates with various LLM providers and connects to Model Context Protocol (MCP) servers for extended tool-use and knowledge base capabilities.
MCPJungle
MCPJungle is a self-hosted Model Context Protocol (MCP) Gateway that allows developers to register and manage various MCP servers and their tools from a central location, enabling AI agents to discover and consume these tools from a single gateway.
aicode-toolkit
An MCP proxy server that aggregates multiple Model Context Protocol (MCP) servers, enabling on-demand tool discovery and execution, thereby significantly reducing AI agent token usage and improving context window efficiency by loading tools progressively.
ncp
NCP acts as a universal adapter and orchestrator for Model Context Protocol (MCP) servers and tools. It provides a unified interface for discovery, execution, and management of diverse tools (local CLI, HTTP APIs, internal plugins/Photons, AI skills) through natural language and structured code interaction, enabling AI agents to interact with the broader digital ecosystem.