cli
Verified Safeby smithery-ai
Overview
The Smithery CLI installs, manages, develops, and runs Model Context Protocol (MCP) servers, acting as a client-agnostic tool for AI client integration.
Installation
npx @smithery/cli install exaEnvironment Variables
- NODE_ENV
- LOCAL_REGISTRY_ENDPOINT
- REGISTRY_ENDPOINT
- SMITHERY_BEARER_AUTH
- ANALYTICS_ENDPOINT
- SMITHERY_CONFIG_PATH
- PORT
- FORCE_COLOR
- LOG_LEVEL
Security Notes
The CLI's core functionality involves executing arbitrary code bundles and commands sourced from the Smithery registry. This includes spawning child processes, downloading and extracting packages (using `@anthropic-ai/mcpb`), and running them locally. While this is the intended design, it introduces a significant supply chain risk: users must implicitly trust the Smithery registry and the authors of the MCP servers they install. A compromised registry or a malicious server package could lead to arbitrary code execution on the user's machine. Network requests to the registry and for tunnel creation (via ngrok) also present standard network-based attack vectors. API keys are handled, implying sensitive data management.
Similar Servers
mcpm.sh
This server provides a command-line interface to manage Model Context Protocol (MCP) servers, allowing users to discover, install, configure, run, share, and monitor them.
claude-prompts-mcp
Manages hot-reloadable prompt templates, structured reasoning, and multi-step chain workflows to enhance AI assistant interactions through a Model Context Protocol (MCP) compatible server.
mcp-use-cli
An interactive command-line interface (CLI) tool for connecting to and interacting with Model Context Protocol (MCP) servers using natural language, acting as an AI client that orchestrates LLM responses with external tools.
mmcp
Manages Model Context Protocol (MCP) server definitions in a central configuration and applies them to various AI agent tools.