mbta-mcp
Verified Safeby ericskiff
Overview
Provides real-time MBTA Worcester Line train schedules as a Model Context Protocol (MCP) server for AI assistants.
Installation
npm run devEnvironment Variables
- MBTA_API_KEY
- MCP_API_KEY
Security Notes
The server correctly utilizes environment variables for both the MBTA API Key and an optional MCP authentication key. Input validation for the 'get_worcester_departures' tool is robustly implemented using Zod schemas, mitigating common injection and data validation risks. Network requests to the external MBTA API are performed using `fetch` with controlled, parameterized inputs, preventing arbitrary code execution. The authentication mechanism for the MCP server itself (`MCP_API_KEY`) relies on a bearer token via the Authorization header; while optional, its implementation is standard when enabled. If the `MCP_API_KEY` is not set, the server allows anonymous access, which is a deployment configuration risk if not intended, but not a code vulnerability. No 'eval', direct command execution via user input, or obvious malicious patterns were found in the provided source code.
Similar Servers
us-census-bureau-data-api-mcp
The MCP Server provides a standardized API for AI assistants (LLMs) to access and process U.S. Census Bureau data and geography information, enabling data retrieval and analysis through an agent-like interface.
noteit-mcp
Provides an HTTP Model Context Protocol (MCP) server for AI coding tools to access structured agent profiles and personalized notes, enhancing AI development workflows.
google-maps-mcp-server
Empower AI agents with real-time Google Maps location intelligence (directions, places, geocoding, traffic, roads, elevation, safety) through a standardized Model Context Protocol (MCP) interface.
mcp_server
This server template provides a foundation for building Model Context Protocol (MCP) servers to integrate with AI assistants and other MCP clients, offering tools for GitHub, Microsoft Graph, weather data, and JWT decoding.