mcp_todo
Verified Safe by thijs-hakkenberg
Overview
A Git-backed todo management system offering web, Telegram bot, and Model Context Protocol (MCP) interfaces for collaborative task tracking and version control.
Installation
npm start
Environment Variables
- TODO_REPO_PATH
- GIT_USER_NAME
- GIT_USER_EMAIL
- TELEGRAM_BOT_TOKEN
- TELEGRAM_AUTHORIZED_USER_ID
Security Notes
The core MCP server communicates over stdio for inter-process communication (IPC), which is generally secure. The API server component exposes a REST API with configurable CORS. The primary security considerations are the `TODO_REPO_PATH` environment variable, which dictates where the Git repository is stored on the host filesystem, and `MCP_SERVER_PATH`, which determines which executable the internal MCP client spawns. If these paths are configured maliciously, or are user-controlled without strict validation, the result could be file system vulnerabilities or arbitrary code execution. However, these are typically administrator-configured variables. The Docker setup correctly runs as a non-root user. No `eval` or code obfuscation is present.
Similar Servers
backlog-mcp-server
Integrate Backlog API with AI agents (e.g., Claude) to manage projects, issues, wikis, and Git repositories through natural language commands.
mcp-github-project-manager
AI-powered GitHub Project Management, including automated roadmap generation, sprint planning, issue triaging, task breakdown, and comprehensive project workflow automation.
mcp-container-ts
An MCP server providing secure, role-based access to external tools (like a TODO list) for Large Language Models via Streamable HTTP, with built-in observability.
todo-mcp-server
Provides autonomous task management and random string generation for AI agents via Model Context Protocol (MCP) using stdio or HTTP transports.