spec-kit
Verified Safe by jlwainwright
Overview
The Spec-Kit MCP Server provides a comprehensive toolkit for specification-driven development, automating workflows from feature specification and planning to task breakdown, domain analysis, and guided implementation.
Installation
python3 /Users/jacques/DevFolder/spec-kit/src/speckit_mcp/server.py
Environment Variables
- GH_TOKEN
- GITHUB_TOKEN
- SPEC_KIT_LOG_LEVEL
- SPEC_KIT_HOME
- CODEX_HOME
- SPECIFY_FEATURE
Security Notes
The project makes extensive use of `subprocess.run` for Git commands and script execution. Many calls use list-based arguments, which are safer, but some shell scripts (e.g., those parsing `{ARGS}` or using `eval $(...)`) could be vulnerable to command injection if malicious input bypasses internal sanitization, especially in untrusted environments. File system operations for templates and outputs are common but appear to be handled with standard Python libraries. No hardcoded secrets were found, and GitHub token handling uses environment variables or explicit arguments. Because it is a development tool, some trust in the operating environment is inherent.
Similar Servers
claude-prompts
This server provides a hot-reloadable prompt engine with chains, quality gates, and structured reasoning for AI assistants, enhancing control over Claude's behavior in prompt workflows.
conductor-tasks
Conductor Tasks acts as an intelligent AI-powered assistant for developers, streamlining the entire development lifecycle from task generation and planning (parsing PRDs, expanding tasks, generating implementation steps) to execution and code modification (generating diffs). It provides visual task management, integrates with various IDEs, and leverages multiple LLM providers for optimal results and cost efficiency.
responsible-vibe-mcp
Manages conversation state and guides LLM coding agents through structured software development workflows with long-term project memory and multi-agent collaboration.
mcp-adr-analysis-server
Facilitates architectural decision record (ADR) analysis, content security, deployment and environment analysis, and architectural governance using advanced prompting techniques (GKP, APE, Reflexion) and knowledge graph management to automate and improve development workflows.