a11y-mcp
Verified Safe
by berucha-lilly
Overview
Automated accessibility code review and WCAG 2.2 AA enforcement for GitHub Pull Requests using a hybrid analysis engine.
Installation
node src/mcp-server.js
Environment Variables
- GITHUB_TOKEN
- PR_NUMBER
- REPOSITORY
- BRANCH
- LDS_STORYBOOK_URL
- LDS_CACHE_TTL
- MCP_SERVER_PATH
Security Notes
The server calls `fs.readFileSync` on a `filePath` argument, which could be a local file system risk if the input is not carefully controlled. In its intended GitHub Actions context, `filePath` is expected to refer to files within the PR's changes, mitigating arbitrary file access. The `GITHUB_TOKEN` is used for GitHub API interactions (fetching PR content, posting comments), which is standard but requires appropriate token permissions. No explicit `eval` or code obfuscation was found. Dependencies are standard for code analysis.
Similar Servers
mcp-server-for-Github
Provides comprehensive GitHub workflow automation for AI-powered development teams, including Actions monitoring, advanced PR management, intelligent code search, and complete file management.
logicstamp-mcp
Provides AI assistants with structured access to React/TypeScript codebases through LogicStamp Context's analysis engine, enabling safe analysis, modification, and verification of code.
mcp-gihub-integration
This package provides a GitHub API client for integration with an MCP (Model Context Protocol) server, enabling automation of GitHub tasks.
mcp-server-proposal
An AI-powered compliance assistant that automatically analyzes GitHub Pull Requests for security vulnerabilities, license compliance, code quality issues, and custom company rules.