mcpb
Verified Safe by modelcontextprotocol
Overview
A CLI toolchain for developing, validating, packing, and signing MCP (Model Context Protocol) Bundles for AI desktop applications, with experimental UV runtime support for Python.
Installation
mcpb pack .
Security Notes
The server code demonstrates good security practices, especially in file unpacking, where explicit 'Path traversal attempt detected' checks prevent zip slip attacks. It uses `child_process.execFile` for OS-level certificate verification (`openssl`, `security`, `powershell`) and for self-signed certificate generation, which is a controlled use of external commands. Variable replacement in `mcp_config` patterns is done with `new RegExp`; keys are typically simple, but arbitrary user input used as a key could theoretically pose a regex injection risk if not sufficiently sanitized upstream, though this is a low practical risk given the context of configuration keys. No `eval` or obvious hardcoded secrets were found.
Similar Servers
mcpm.sh
This server provides a command-line interface to manage Model Context Protocol (MCP) servers, allowing users to discover, install, configure, run, share, and monitor them.
jetski
Jetski is an Open Source MCP Analytics and Authentication Platform designed to simplify installation, authentication, and provide logs/analytics for Model Context Protocol (MCP) servers.
mcp-use-cli
An interactive command-line interface (CLI) tool for connecting to and interacting with Model Context Protocol (MCP) servers using natural language, acting as an AI client that orchestrates LLM responses with external tools.
Hatch
Hatch is a package manager designed for Model Context Protocol (MCP) servers, enabling environment isolation, multi-type dependency orchestration, and streamlined development.