mcp-gen
Verified Safeby jpdutoit
Overview
Generates Model Context Protocol (MCP) servers from TypeScript functions annotated with JSDoc comments.
Installation
mcp-gen <entry-file> -o <output-dir> [-n <server-name>]Environment Variables
- MCP_PORT
Security Notes
The mcp-gen tool itself appears reasonably secure for its intended purpose. It uses `child_process.spawn` to run the generated server, inheriting `stdio` and `process.env`, which could potentially expose sensitive environment variables if the generated server or its dependencies were compromised. It also uses `execSync` for running `npx tsc` during type declaration generation; while `tsc` is a trusted tool, synchronous external command execution generally carries inherent risks. The primary security risk lies with the user-provided TypeScript code that the tool processes, as this code will be executed as part of the generated MCP server. The tool does not appear to contain malicious patterns, obfuscation, or hardcoded secrets.
Similar Servers
frontmcp
The CodeCall plugin provides AgentScript-based meta-tools for orchestrating MCP tools, enabling programmatic discovery, description, execution, and invocation of server capabilities within a sandboxed JavaScript environment.
template-mcp-server
Provides a CLI tool and template to quickly get started building a Model Context Protocol (MCP) server using FastMCP, supporting both stdio and HTTP transports.
mcp-typescript-template
This project provides a foundational TypeScript template for developing remote Model Context Protocol (MCP) servers with robust tooling and best practices.
mcp-execution
Transforms any Model Context Protocol (MCP) server into executable, type-safe TypeScript tools for AI agents, enabling progressive loading and achieving significant token savings.