install-this-mcp
Verified Safe
by janwilmake
Overview
The tool generates comprehensive, client-specific installation guides for remote Model Context Protocol (MCP) servers, reducing friction for server maintainers.
Installation
wrangler dev
Security Notes
The Cloudflare Worker fetches metadata (MCPServerCard) from a user-provided MCP URL. Fields like `description` and `instructions` from this metadata are directly embedded into the generated HTML with minimal sanitization (only Markdown-like replacements of `**` with `<strong>` and `\n` with `<br>`). This creates a Reflected Cross-Site Scripting (XSS) vulnerability, as a malicious MCP server could inject arbitrary HTML or JavaScript into these fields, which would then execute in the user's browser when they view the generated guide. Additionally, the `serverIcon` URL is directly inserted into an `<img>` tag without URL encoding, potentially allowing XSS via crafted `javascript:` URLs if the icon source is malicious. No `eval` or hardcoded secrets are present, but this vulnerability, caused by improper sanitization of input embedded in dynamically generated content, is critical.
Similar Servers
mcpm.sh
MCPM is a command-line tool for managing Model Context Protocol (MCP) servers, enabling discovery, installation, execution, sharing, and integration with various MCP clients.
cli
The Smithery CLI is a developer tool for installing, managing, building, running, and deploying Model Context Protocol (MCP) servers and integrating them with various AI clients.
mcp-registry
The Model Context Protocol (MCP) Registry centralizes and structures installation configurations for various MCP servers, enabling easy discovery and integration into MCP clients and hubs.
mcp-server-dump
A command-line tool to extract, analyze, and document the capabilities (tools, resources, prompts) of MCP (Model Context Protocol) servers in various formats, including Markdown, JSON, HTML, PDF, and Hugo sites.