mcphub
Verified Safeby samanhappy
Overview
A hub for managing, orchestrating, and providing a unified API for various Model Context Protocol (MCP) servers and their tools, including user management, OAuth services, and discovery of external servers.
Installation
npx mcphubEnvironment Variables
- JWT_SECRET
- DB_URL
- MCPROUTER_API_KEY
- OPENAI_API_KEY
Security Notes
The system includes user authentication and role-based access control, with password hashing for user credentials. It leverages `@node-oauth/oauth2-server` for robust OAuth 2.0 implementation. Environment variables (like API keys) are typically loaded from `process.env` or `mcp_settings.json` and warned if not set in production. The `StdioClientTransport` allows administrators to configure and execute arbitrary commands, which is a core feature for managing external MCP servers; this capability is restricted to authenticated users with write permissions, implying trust in administrators not to inject malicious commands. No direct `eval` or blatant unauthenticated Remote Code Execution (RCE) vectors were identified. File uploads for DXT archives are handled with `AdmZip.extractAllTo` to a temporary, generated directory, reducing path traversal risks.
Similar Servers
mcpo
Exposes Model Context Protocol (MCP) tools as OpenAPI-compatible HTTP servers for integration with LLM agents and other applications.
mcp-context-forge
A comprehensive Model Context Protocol (MCP) gateway and proxy that unifies REST, MCP, and A2A services, providing features like federation, virtual servers, rate-limiting, security, and an optional admin UI for managing web content and file conversions to markdown.
mcpm.sh
This server provides a command-line interface to manage Model Context Protocol (MCP) servers, allowing users to discover, install, configure, run, share, and monitor them.
tmcp
Build Model Context Protocol (MCP) servers for AI agents, providing schema-agnostic tools, resources, and prompts, with optional OAuth 2.1 authentication and distributed session management.