lgtmcp
Verified Safe by shields
Overview
An AI-powered Model Context Protocol (MCP) server that reviews code changes and can automatically commit them or provide detailed feedback.
Installation
lgtmcp
Environment Variables
- GOOGLE_APPLICATION_CREDENTIALS
Security Notes
The file-access path is the part of this server worth reading. The `handleFileRetrieval` function in `review.go` rejects path-traversal components (`..`), resolves the requested path to an absolute one, checks that the result stays inside the repository root, honours `.gitignore` rules by consulting `git check-ignore`, and resolves symlinks explicitly so that a link cannot redirect a read outside the repository. The symlink step matters: a lexical prefix check alone passes a link whose target lies outside the tree, so containment has to be checked on the resolved path. Gitleaks runs over the changed code for built-in secret detection, and git operations go through `exec.CommandContext` with timeouts, so a hung subprocess cannot stall the server. Secrets in the test suite are stored ROT13-encoded so they do not cause accidental scanner triggers. Authentication to the Gemini API uses a user-supplied API key or Application Default Credentials (hence the `GOOGLE_APPLICATION_CREDENTIALS` variable above); no credentials are hardcoded in the application.
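The checks described above, written out as an added Go example. This is not the project's `handleFileRetrieval` code; the function names `ResolveRepoPath` and `IsGitIgnored`, the error value, and the demo repository built in `main` are assumptions made for illustration. The path checks run lexically first (absolute paths and `..` components are refused before anything on disk is touched), then the candidate is passed through `filepath.EvalSymlinks` and the resolved result is compared against the resolved repository root. The `.gitignore` check shells out to `git check-ignore` through `exec.CommandContext` with a deadline, matching the timeout pattern the notes describe; it needs a real git repository and is therefore not exercised by the demo.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"os"
	"os/exec"
	"path/filepath"
	"strings"
	"time"
)

// ErrOutsideRepo is returned when a requested path would escape the repository.
var ErrOutsideRepo = errors.New("path resolves outside the repository")

// ResolveRepoPath validates a client-supplied relative path against repoRoot and
// returns the canonical absolute path of the target, or an error if the path
// would escape the repository. The lexical checks run first so that nothing on
// disk is touched for obviously bad input; symlinks are then resolved so that a
// link pointing out of the tree is rejected by the containment check as well.
func ResolveRepoPath(repoRoot, requested string) (string, error) {
	if requested == "" || filepath.IsAbs(requested) {
		return "", fmt.Errorf("only non-empty relative paths are accepted: %q", requested)
	}
	// Reject ".." as a path component rather than as a substring, so a file
	// legitimately named "foo..bar" still works while "a/../../etc" does not.
	for _, part := range strings.Split(filepath.ToSlash(requested), "/") {
		if part == ".." {
			return "", fmt.Errorf("path traversal rejected: %q", requested)
		}
	}
	root, err := filepath.Abs(repoRoot)
	if err != nil {
		return "", err
	}
	// Resolve the root too, otherwise a root under a symlinked directory
	// (e.g. /tmp -> /private/tmp on macOS) never matches the resolved target.
	root, err = filepath.EvalSymlinks(root)
	if err != nil {
		return "", fmt.Errorf("resolving repository root: %w", err)
	}
	candidate := filepath.Join(root, requested) // Join also Cleans the result
	// EvalSymlinks follows every link in the path; a link to /etc/hosts inside
	// the repository resolves to /etc/hosts here and fails the prefix check.
	// It also fails for a file that does not exist, which is fine for a reader.
	real, err := filepath.EvalSymlinks(candidate)
	if err != nil {
		return "", err
	}
	if real != root && !strings.HasPrefix(real, root+string(filepath.Separator)) {
		return "", ErrOutsideRepo
	}
	return real, nil
}

// IsGitIgnored asks git whether relPath is ignored by the repository's
// .gitignore rules, with a deadline so a hung git cannot stall the server.
// git check-ignore exits 0 when the path is ignored, 1 when it is not,
// and anything else (typically 128) on error.
func IsGitIgnored(ctx context.Context, repoRoot, relPath string, timeout time.Duration) (bool, error) {
	ctx, cancel := context.WithTimeout(ctx, timeout)
	defer cancel()
	cmd := exec.CommandContext(ctx, "git", "-C", repoRoot, "check-ignore", "-q", "--", relPath)
	err := cmd.Run()
	if err == nil {
		return true, nil
	}
	var exitErr *exec.ExitError
	if errors.As(err, &exitErr) && exitErr.ExitCode() == 1 {
		return false, nil
	}
	return false, fmt.Errorf("git check-ignore %q: %w", relPath, err)
}

func main() {
	// Constructed demo: a temporary directory standing in for a repository,
	// with one real file and one symlink that escapes the tree. It is not a
	// git repository, so only the path checks run here.
	repo, err := os.MkdirTemp("", "lgtmcp-demo")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(repo)
	_ = os.WriteFile(filepath.Join(repo, "main.go"), []byte("package main\n"), 0o644)
	_ = os.Symlink("/etc/hosts", filepath.Join(repo, "hosts-link"))
	for _, req := range []string{"main.go", "../main.go", "hosts-link", "/etc/hosts"} {
		p, err := ResolveRepoPath(repo, req)
		fmt.Printf("%-12s -> path=%q err=%v\n", req, p, err)
	}
}
```

The prefix comparison appends a separator so that a root of `/srv/repo` does not accept `/srv/repo-other/file`; the `real != root` clause only exists to let the repository directory itself resolve.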
Similar Servers
gemini-mcp-tool
A Model Context Protocol (MCP) server that enables AI assistants to interact with the Google Gemini CLI for comprehensive code and file analysis, structured edit suggestions, and creative brainstorming.
git-mcp-server
A Model Context Protocol (MCP) server that provides Git-specific tools and resources for AI/LLM agents to interact with version control systems.
claude-power-pack
Provides distributed locking and session coordination for Claude Code sessions via Redis, preventing conflicts during concurrent development activities.
ultrascript-tools-mcp
An expert developer tool for comprehensive code analysis, semantic search, refactoring, code modification, and automated documentation. It leverages AI and specialized runtime environments (Node.js/Bun) for high performance, featuring deep Git integration for branch-aware indexing and merge conflict resolution across multiple programming languages.