Ghost-MCP-Server
Verified Safeby jgardner04
Overview
Manages a Ghost CMS instance programmatically by exposing its Admin API as an MCP Server, allowing AI agents or other systems to create, update, delete, and retrieve content (posts, pages, tags, members, newsletters, tiers) and upload images.
Installation
node src/mcp_server.jsEnvironment Variables
- GHOST_ADMIN_API_URL
- GHOST_ADMIN_API_KEY
Security Notes
The server implements robust security measures including comprehensive input validation (Zod schemas), NQL injection prevention, HTML sanitization (XSS prevention) for content and notes, and a tightly controlled URL validator (SSRF protection) for image downloads. API keys are loaded from environment variables and handled securely. Rate limiting and graceful shutdown are also implemented. The image URL validator whitelist is very restrictive (only a few popular image hosting domains), which is a strong security choice but could be a functional 'gotcha' for users.
Similar Servers
mcp-omnisearch
Provides a unified interface for various search, AI response, content processing, and enhancement tools via Model Context Protocol (MCP).
mcp-servers
A curated collection of Model Context Protocol (MCP) server configurations to integrate various developer tools and services with AI agents.
tmcp
A server implementation for the Model Context Protocol (MCP) to enable LLMs to access external context and tools.
mcp-ai-wpoos
Provides a stable API and server framework for integrating AI models and tools into WordPress, enabling advanced AI assistant capabilities and workflow automation.