mcpo
Verified Safeby open-webui
Overview
Exposes Model Context Protocol (MCP) tools as OpenAPI-compatible HTTP servers for integration with LLM agents and other applications.
Installation
uvx mcpo --port 8000 --api-key "top-secret" -- your_mcp_server_commandEnvironment Variables
- LOG_LEVEL
- CONNECTION_TIMEOUT
Security Notes
The server's core functionality involves executing a user-provided MCP server command. While this is its intended purpose, it means that the security of the overall system is highly dependent on the trustworthiness of the `your_mcp_server_command` argument. The proxy itself implements API key authentication, configurable CORS, and OAuth 2.1 support for streamable HTTP servers. OAuth tokens are stored in plaintext on disk by default (`~/.mcpo/tokens/`), which is a common practice for local applications but could be a concern in highly sensitive environments. There are no clear indications of `eval` or other arbitrary code execution vulnerabilities within mcpo's own codebase, beyond its primary function of launching the specified MCP server.
Similar Servers
fastapi_mcp
Automatically converts FastAPI endpoints into Model Context Protocol (MCP) tools for seamless integration with LLM agents.
mcp-context-forge
A comprehensive Model Context Protocol (MCP) gateway and proxy that unifies REST, MCP, and A2A services, providing features like federation, virtual servers, rate-limiting, security, and an optional admin UI for managing web content and file conversions to markdown.
mcphub
A hub for managing, orchestrating, and providing a unified API for various Model Context Protocol (MCP) servers and their tools, including user management, OAuth services, and discovery of external servers.
mcp-omnisearch
Provides a unified interface for LLMs to access multiple web search, AI response, content processing, and enhancement tools from various providers through the Model Context Protocol (MCP).