mcp-guide
Verified Safe
by deeprave
Overview
The MCP server provides project documentation and development guidance, enabling AI agents to manage project configuration (categories, collections, feature flags), access content, track workflow state, and interact with the filesystem in a secure manner. It also includes client context detection (like OpenSpec CLI presence) and dependency vulnerability checking.
Installation
python -m mcp_guide.main
Environment Variables
- MG_DEBUG
- MG_DEBUG_PORT
- MG_DEBUG_WAIT
- MG_LOG_LEVEL
- MG_LOG_FILE
- MG_LOG_JSON
- MCP_TOOL_PREFIX
- MCP_INCLUDE_EXAMPLE_TOOLS
- MCP_GUIDE_NAME
- PWD
- TMPDIR
- TEMP
- TMP
Security Notes
Comprehensive filesystem security is implemented with explicit read/write policies, path traversal prevention, and system directory blacklisting. HTTPS is enforced for external API calls (e.g., to osv.dev). No direct `eval()` usage or hardcoded secrets were observed. One tool, `set_filesystem_trust_mode`, can explicitly disable all filesystem security, which is a potential risk if misused by an agent.
Similar Servers
mcp-scanner
Scans Model Context Protocol (MCP) servers, tools, prompts, and resources for security vulnerabilities, employing static analysis, YARA rules, Cisco AI Defense API, and LLM-based behavioral analysis.
mcp-security-scanner
A Python-based penetration testing tool designed to scan and identify vulnerabilities in Model Context Protocol (MCP) servers.
Mcpwn
Automated security testing framework for Model Context Protocol (MCP) servers, detecting RCE, path traversal, prompt injection, and protocol vulnerabilities.
mcp-maintainer-toolkit
This server provides a Model Context Protocol (MCP) interface with various tools and resources designed to assist in maintaining, testing, and developing MCP repositories and clients.