backlog-mcp
Verified Safeby gkoreli
Overview
A minimal task backlog server for LLM agents or CLI editors that supports MCP integration.
Installation
npx -y backlog-mcpEnvironment Variables
- BACKLOG_DATA_DIR
- BACKLOG_VIEWER_PORT
Security Notes
The server includes a web viewer that makes a call to `node:child_process.exec("open \"${filePath}\"")` to open task files in the default editor. While direct shell injection via the `taskId` is mitigated by a strict `TASK-XXXX` pattern validation and `path.join` for filePath construction, using `exec` with any user-derived input (even validated) always carries a small inherent risk if future changes or specific environment configurations allow for unforeseen bypasses. The `Access-Control-Allow-Origin: *` header is set for the local web viewer, which is typical for local development tools but means cross-origin requests are permitted from anywhere.
Similar Servers
backlog-mcp-server
This MCP server integrates Backlog API with AI agents like Claude to manage projects, issues, and wikis, providing a conversational interface for project management tasks.
mcp-http-agent-md
This server acts as a central hub for AI agents, managing project knowledge (AGENTS.md), structured tasks, version history, and ephemeral scratchpads, with capabilities to spawn context-isolated subagents for focused tasks.
mcp-ai-agent-guidelines
A comprehensive AI agent development framework focused on structured design, prompt engineering, code analysis, and agent-to-agent orchestration for developers.
AI-Prompt-Guide-MCP
Orchestrates AI agents for project management and development workflows by linking structured markdown specifications and tasks.