mcpm
by spre-sre
Overview
A CLI tool for developers to install, manage, and register Model Context Protocol (MCP) servers with Claude Code and Gemini CLI.
Installation
mcpmSecurity Notes
The tool's core functionality involves downloading and executing arbitrary code (MCP servers) from user-specified or inferred repositories. This is an inherent risk for any package manager. Specifically, the `internal/builder/shell.go` executes build commands using the user's shell (`zsh -l -c command` or `bash -l -c command`), which can be more susceptible to shell injection if the command strings themselves were derived from untrusted, unsanitized user input. The `mcpm add` command allows direct registration of arbitrary commands and arguments for MCP servers. While this is an intended feature, it means the security responsibility lies entirely with the user to ensure the commands and repositories they instruct `mcpm` to handle are trusted. No direct hardcoded secrets or obfuscation were identified within the provided source code, but the execution of untrusted external code remains a significant vector for security compromise.
Similar Servers
claude-code-subagents-collection
The repository serves as a comprehensive marketplace and registry for Claude Code, offering a wide array of specialized AI agents, commands, hooks, and a catalog of external Model Context Protocol (MCP) servers to enhance development workflows.
mcpm.sh
MCPM is a command-line tool for managing Model Context Protocol (MCP) servers, enabling discovery, installation, execution, sharing, and integration with various MCP clients.
cli
The Smithery CLI is a developer tool for installing, managing, building, running, and deploying Model Context Protocol (MCP) servers and integrating them with various AI clients.
mcp-use-cli
An interactive command-line interface (CLI) tool for connecting to and interacting with Model Context Protocol (MCP) servers using natural language, acting as an AI client that orchestrates LLM responses with external tools.