cfbd-mcp-server
Verified Safeby myvfc
Overview
Provides college football player statistics from the CFBD API through an MCP (Multi-tool Coordination Protocol) endpoint.
Installation
node server.jsEnvironment Variables
- PORT
- MCP_API_KEY
- CFBD_API_KEY
Security Notes
The server correctly uses environment variables for `CFBD_API_KEY` and `MCP_API_KEY`, preventing hardcoded secrets. It implements optional bearer token authentication for the `/mcp` endpoint. Input validation is minimal for `team` and `year` parameters, relying on CFBD API for handling, which is generally acceptable for public APIs. Extensive logging in some variants could expose request details, but it's not a critical vulnerability. CORS is implicitly open for all origins as `cors()` is used without specific origin restrictions in some included files, which is common for tool servers but could be tightened if needed. The primary server.js does not explicitly configure cors, but express does not restrict it by default. The server does not use `eval` or other highly dangerous patterns.
Similar Servers
academia_mcp
An MCP server providing tools for searching, fetching, analyzing, and reporting on scientific papers and datasets, often powered by LLMs.
mcp
Provides a Model Context Protocol (MCP) server for accessing comprehensive sports data and analytics from the BALLDONTLIE API across 18 major sports and leagues.
tokenbowl-mcp
A Model Context Protocol (MCP) server for a fantasy football league, providing tools to interact with the Sleeper API, Fantasy Nerds API, and Token Bowl Chat for LLM-powered fantasy management.
sumo-mcp
This server powers AI chatbots with historical and live sumo wrestling data by acting as an interface to the Model Context Protocol.