toolhive-studio
Verified Safe by stacklok
Overview
ToolHive is a desktop application (Electron UI) for discovering, deploying, and managing Model Context Protocol (MCP) servers in isolated containers, and connecting them to AI agents and clients.
Installation
pnpm run start
Security Notes
The application uses hardcoded encryption keys ('toolhive-threads-encryption-key', 'toolhive-chat-encryption-key') for Electron Store, including for stored API keys and chat history. Because the keys are fixed in the application code, this provides only basic obfuscation and offers no real protection against an attacker who can read the application's code or the store file on disk. Sensitive data stored under these keys should not be considered truly secure. The application properly uses `contextBridge` for isolated IPC between the renderer and main process and implements a strong Content Security Policy (CSP). Executing external binaries (`thv`, `docker`, `podman`) is inherent to its functionality and appears controlled, but it remains a potential attack surface if user-supplied input reaching those commands is not rigorously validated.
Similar Servers
mcphub
An orchestration hub that aggregates, manages, and routes Model Context Protocol (MCP) servers and their tools, providing a centralized interface, user management, OAuth 2.0 authorization server capabilities, and AI-powered tool discovery and routing.
mcp-router
A desktop application that simplifies the management and aggregation of Model Context Protocol (MCP) servers.
tmcp
A server implementation for the Model Context Protocol (MCP) to enable LLMs to access external context and tools.
mcp-cli
A command-line interface tool for managing Model Context Protocol (MCP) server configuration files across various AI tools.