HEBMCP
Verified Safeby gigq
Overview
An MCP server enabling AI assistants to search HEB products and manage a shopping cart for curbside pickup or delivery.
Installation
./start.shEnvironment Variables
- HEB_STORE_ID
- HEB_SHOPPING_CONTEXT
- HEB_COOKIE_TSV
Security Notes
The server's core functionality relies on session cookies exported from a user's browser, which are then passed as an environment variable (HEB_COOKIE_TSV) to the Node.js process. The README explicitly warns users not to commit `cookies.tsv` or `.env` files, which is critical. If these files are compromised, an attacker could gain full session control over the user's HEB account. The server itself does not contain obvious malicious patterns or dynamic code execution vulnerabilities like 'eval' and restricts its network activity to `heb.com/graphql`. Robust error handling for authentication (401/403) and rate limits (429) is present. The primary security risk lies in the user's secure handling of their session cookies.
Similar Servers
ha-mcp
Provides AI agents with complete control over Home Assistant via REST and WebSocket APIs, offering a comprehensive suite of tools for smart home management, automation, and debugging.
hevy-mcp
This server acts as a Model Context Protocol (MCP) interface, enabling AI assistants to interact with the Hevy fitness tracking app's API to manage workout data, routines, exercise templates, folders, and webhook subscriptions.
mcp-helm
Provides a Model Context Protocol (MCP) server for AI assistants to interact with Helm repositories and charts without requiring a local Helm installation.
groceries-mcp
Orchestrates automated grocery shopping using an LLM agent that interacts with various grocery vendor APIs via Model Context Protocol (MCP) tools.