multi_mcp
Verified Safeby religa
Overview
A multi-model AI orchestration server providing automated code review, security analysis, and general LLM-powered assistance through the Model Context Protocol (MCP).
Installation
uv run python -m multi_mcp.serverEnvironment Variables
- OPENAI_API_KEY
- ANTHROPIC_API_KEY
- GEMINI_API_KEY
- OPENROUTER_API_KEY
- AZURE_API_KEY
- AZURE_API_BASE
- AZURE_API_VERSION
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
- AWS_REGION_NAME
- DEFAULT_MODEL
- DEFAULT_MODEL_LIST
- LOG_LEVEL
- MODEL_TIMEOUT_SECONDS
- MAX_FILES_PER_REVIEW
- MAX_FILE_SIZE_KB
- MAX_CODEREVIEW_RESPONSE_SIZE
- ARTIFACTS_DIR
Security Notes
The core codebase does not contain overt malicious patterns or hardcoded production secrets. It employs careful path resolution to prevent traversal attacks. The server leverages subprocess execution for CLI models, which is handled with timeout mechanisms and checks for command existence, generally avoiding `shell=True` for safer input handling. Its primary function is to *detect* security issues, reflecting a security-aware design. The "vulnerabilities" mentioned in the README are intentionally vulnerable test cases from the `tests/data/repos/sql_injection` directory, designed to test the Multi-MCP server's detection capabilities, and are not flaws within the Multi-MCP server's own code.
Similar Servers
claude-flow
AI Agent Orchestration and Development Platform for Claude Code
claude-code-mcp
Acts as an MCP server to enable LLMs to run Claude Code CLI in one-shot mode, bypassing permissions for complex coding, file system, Git, and terminal operations.
consult-llm-mcp
An MCP server that allows AI agents like Claude Code to consult stronger, more capable AI models (e.g., GPT-5.2, Gemini 3.0 Pro) for complex code analysis, debugging, and architectural advice.
ast-mcp-server
Provides an MCP (Model Context Protocol) server for code structure and semantic analysis using ASTs and ASGs, integrated with external AI clients like Claude Desktop.