mcp-pkg-local
Verified Safeby descoped
Overview
Provides an MCP tool for LLMs to scan, index, and understand local dependency source code in Python and Node.js projects, enabling intelligent code analysis and generation.
Installation
npx @descoped/mcp-pkg-localEnvironment Variables
- DEBUG_SHELL_RPC
- DEBUG_VOLUME
- DEBUG_ADAPTER
- PRESERVE_TEST_DIRS_ON_FAILURE
- USE_SYSTEM_TEMP
- CI
- DEBUG
- BOTTLE_CACHE_ROOT
- PKG_LOCAL_TIMEOUT_MULTIPLIER
- UV_PYTHON_INSTALL_MIRROR
- PIP_AVAILABLE
- UV_AVAILABLE
- PIP_VERSION
- UV_VERSION
- UV_PYTHON_PREFERENCE
- UV_NO_PROGRESS
- UV_NO_COLOR
- PIP_CACHE_DIR
- PIP_DISABLE_PIP_VERSION_CHECK
- PIP_NO_COLOR
- PIP_PROGRESS_BAR
- FORCE_COLOR
- PIP_REQUIRE_VIRTUALENV
Security Notes
The server executes system commands via Shell-RPC (e.g., `which`, `pip install`, `uv sync`). Input validation with Zod and tool-specific argument schemas are in place to mitigate arbitrary command injection. The `read-package` tool is explicitly designed as read-only. No hardcoded secrets or direct arbitrary network calls are apparent from the server's code; network interactions are a side-effect of underlying package manager commands which are monitored and controlled by the robust timeout system.
Similar Servers
jinni
A tool to efficiently provide Large Language Models with structured project context for code comprehension and generation tasks.
claude-prompts-mcp
Enhances AI assistant behavior through structured prompt management, multi-step chains, quality gates, and autonomous verification loops, primarily for development tasks.
compound-mcp-server
Provides a Model Context Protocol (MCP) server for interacting with Groq models, including compound/meta models, exposing tools for real-time information and code execution capabilities from the Groq AI.
logicstamp-mcp
Provides AI assistants with structured access to React/TypeScript codebases through LogicStamp Context's analysis engine, enabling safe analysis, modification, and verification of code.