toolsdk-mcp-registry

Name: toolsdk-mcp-registry
Author: toolsdk-ai

by toolsdk-ai

Overview

An API-driven registry for Model Context Protocol (MCP) servers, enabling discovery, detail retrieval, and execution of various AI tools and agents.

Installation

Run Command

NODE_ENV=production tsx src/api/index.ts

Environment Variables

MCP_SANDBOX_PROVIDER
DAYTONA_API_KEY
DAYTONA_API_URL
SANDOCK_API_KEY
SANDOCK_API_URL
E2B_API_KEY
MEILI_HTTP_ADDR
MEILI_MASTER_KEY
PORT
MCP_SERVER_PORT
REGISTRY_BASE_URL
ENABLE_SEARCH
MCP_OAUTH_CLIENT_ID
MCP_OAUTH_CLIENT_SECRET

Security Notes

CRITICAL RISK: The registry's design explicitly supports arbitrary code execution through 'StdioClientTransport' for local MCP servers (Node.js, Python, Docker) and as a fallback for sandbox executors. This means installing and running a malicious MCP package can lead to arbitrary code execution on the host system where the registry is running. The `install-python-deps.sh` script installs hundreds of PyPI packages, and the internal validation scripts (`test-mcp-clients.ts`, `py-test-mcp-clients.ts`) also execute MCP client code as part of their process, posing a significant supply chain risk. While sandboxing is an option, its partial support (only Node.js for sandboxes) and fallback to local execution for other runtimes severely limit its effectiveness. User-provided `envs` are passed directly to subprocesses, which could also be exploited.

Similar Servers

MCPJungle

813

MCPJungle is a self-hosted Model Context Protocol (MCP) Gateway that allows developers to register and manage various MCP servers and their tools from a central location, enabling AI agents to discover and consume these tools from a single gateway.

AI & ML

$Low

mcp-gateway-registry

386

Provides a programmatic interface to interact with the main MCP Gateway Registry API, enabling tasks like registering/toggling services, managing groups/users, and intelligently discovering tools across registered services using semantic search and access control.

AI & ML

$Low