shadcnspace-mcp
Verified Safeby shadcnspace
Overview
This MCP server enables AI agents to interact with Shadcn Space's UI block registry for listing, searching, and installing components to build web interfaces.
Installation
npx shadcnspace-mcp@latestSecurity Notes
The server utilizes Zod for input validation, mitigating common injection risks. Network requests are made to a hardcoded external domain (tailwind-admin.com), reducing the risk of arbitrary SSRF. The `getBlockInstall` tool, while its description in the README implies returning implementation details, actually outputs an `npx` installation command, not executing arbitrary code itself. The only potential minor concern is how component names (user-provided) are directly used in URL paths for fetching details (e.g., `https://tailwind-admin.com/r/${name}.json`). While Zod ensures it's a string, if `name` could contain malicious path traversal characters that bypass external LLM sanitization and are not blocked by the `fetch` implementation, it could lead to unexpected resource access on the `tailwind-admin.com` domain. However, this is a low risk given typical component naming conventions.
Similar Servers
shadcn-ui-mcp-server
Provides AI assistants with comprehensive access to shadcn/ui v4 components, blocks, demos, and metadata across multiple frameworks (React, Svelte, Vue, React Native) for UI development and code generation.
mcp-servers
A curated collection of Model Context Protocol (MCP) server configurations to integrate various developer tools and services with AI agents.
mcp-servers
An MCP server for managing files in Google Cloud Storage, supporting CRUD operations (save, get, search, delete) and exposing files as resources.
toolhive-cloud-ui
A UI for interacting with AI models via OpenRouter and managing/utilizing MCP (Model Context Protocol) servers and their tools from a centralized catalog.