mcp-marketplace
by aiagenta2z
Overview
Provides a local MCP (Model Context Protocol) Client and Marketplace frontend, enabling AI agents to discover, manage, and interact with various MCP servers and their tools, including a proxy for commercial MCPs.
Installation
mcpm runEnvironment Variables
- QWEN_API_KEY
- OPENAI_API_KEY
- CLAUDE_API_KEY
- DEEPNLP_ONEKEY_ROUTER_ACCESS
- MCP_CONFIG_PATH (optional)
Security Notes
The server uses `os.system()` for git cloning and `asyncio.create_subprocess_shell()` to run external MCP server commands (`npx`, `python`, etc.). The commands and arguments are sourced from `mcp_config.json` files or marketplace metadata. If a malicious MCP server configuration is loaded (e.g., from a compromised marketplace entry or a crafted local config), it can lead to arbitrary code execution (RCE) on the host machine. This is a critical security vulnerability. Additionally, test beta keys are hardcoded in some documentation/example configs.
Similar Servers
mcpo
Exposes Model Context Protocol (MCP) tools as OpenAPI-compatible HTTP servers.
mcp-context-forge
Retrieves web content and files from URLs, then converts them into high-quality Markdown format, supporting various content types and conversion engines.
mcphub
The MCPHub acts as a centralized gateway for managing and orchestrating various Model Context Protocol (MCP) servers and OpenAPI-compatible services. It provides a unified API, OAuth 2.0 authorization, user management, and AI-powered 'smart routing' for dynamic tool discovery and invocation.
MCPJungle
A self-hosted gateway and registry for Model Context Protocol (MCP) servers, allowing AI agents to discover and consume tools from a central location.