mcp-tools
Verified Safeby clerk
Overview
Provides a TypeScript library to simplify building Model Context Protocol (MCP) clients and servers, enabling AI applications to securely access private user data through OAuth-based authentication flows.
Installation
No command providedEnvironment Variables
- CLERK_PUBLISHABLE_KEY
- CLERK_SECRET_KEY
- NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY
- REDIS_URL
- DATABASE_URL
- JWT_SECRET
Security Notes
The project follows good security practices including PKCE for OAuth flows and parameterized queries for database interactions (SQLite, Postgres), mitigating SQL injection risks. Environment variables are used for sensitive keys like Clerk API keys and database credentials. Publicly exposed OAuth metadata endpoints use `Access-Control-Allow-Origin: *` which is acceptable for metadata but should not be broadly applied to sensitive data endpoints. A minor `@ts-expect-error` is used for augmenting the Express request object, which is a common pattern but bypasses type safety.
Similar Servers
mcp-openapi-server
A Model Context Protocol (MCP) server that exposes OpenAPI endpoints as MCP tools, along with optional support for MCP prompts and resources, enabling Large Language Models to interact with REST APIs.
example-remote-server
A reference server demonstrating all Model Context Protocol (MCP) features and OAuth 2.0 authentication patterns.
SageMCP
A scalable platform for hosting MCP servers with multi-tenant support, OAuth integration, and connector plugins for various services, deployed on Kubernetes.
mcp-server-playground
A playground and reference implementation for a Model Context Protocol (MCP) server, featuring streamable HTTP transport, OAuth proxy for third-party authorization servers like Auth0, and stateful session management.