mcp-linker
Verified Safeby milisp
Overview
A desktop GUI application for syncing and managing AI Model Context Protocol (MCP) server configurations across various AI clients and providing a marketplace for server templates.
Installation
bun tauri devEnvironment Variables
- VITE_API_BASE_URL
- VITE_REDIRECT_URL
- VITE_SUPABASE_URL
- VITE_SUPABASE_ANON_KEY
- VITE_SHOW_EVENT_FOOTER
Security Notes
The application relies on a remote API (api.mcp-linker.store) for marketplace, cloud sync, and authentication, introducing third-party dependency risks. It fetches and executes Dynamic Extension (DXT) manifests from GitHub, which are validated by a Zod schema but still represent a supply chain risk. Direct execution of external commands (git, uv, node, python, bun, claude) from user-provided or marketplace configurations expands the attack surface, though common for such tools. User configurations from deep links are parsed and then handled by the Rust backend, which is safer than direct frontend eval. Encryption keys are used for cloud sync, and strong cryptography (ring::aead) is employed in the Rust backend for data protection. Authentication uses Supabase, which should handle user credentials securely. Overall, the architecture has common risks associated with desktop apps that interact with external services and execute code, but shows efforts in mitigating some of them.
Similar Servers
mcp-router
A desktop application that simplifies the management and aggregation of Model Context Protocol (MCP) servers.
cli
The Smithery CLI is a developer tool for installing, managing, building, running, and deploying Model Context Protocol (MCP) servers and integrating them with various AI clients.
mmcp
Manages Model Context Protocol (MCP) server definitions in a central configuration and applies them to various AI agent tools.
mcp-server-tauri
Enables AI assistants to build, test, and debug Tauri v2 applications by providing tools for UI automation, IPC monitoring, and backend state inspection.