actual-budget-mcp-server

Verified Safe

by trek-boldly-go

Overview

A Model Context Protocol (MCP) HTTP server that exposes Actual Budget API functionality as streamable tools and resources for AI agents.

Installation

Run Command
ACTUAL_SERVER_URL=https://your-actual ACTUAL_PASSWORD=your-actual-password ACTUAL_SYNC_ID=your-sync-id npm run dev

Environment Variables

  • MCP_PORT
  • MCP_PUBLIC_URL
  • MCP_AUTH_MODE
  • MCP_BEARER_TOKEN
  • MCP_OAUTH_INTERNAL_ISSUER_URL
  • MCP_OAUTH_ISSUER_URL
  • MCP_OAUTH_PUBLIC_ISSUER_URL
  • MCP_OAUTH_CLIENT_ID
  • MCP_OAUTH_CLIENT_SECRET
  • MCP_OAUTH_INTROSPECTION_URL
  • MCP_OAUTH_AUDIENCE
  • MCP_OAUTH_DISCOVERY_RETRIES
  • MCP_OAUTH_DISCOVERY_RETRY_DELAY_MS
  • MCP_DANGEROUSLY_ALLOW_INSECURE_ISSUER_URL
  • ACTUAL_SERVER_URL
  • ACTUAL_PASSWORD
  • ACTUAL_SYNC_ID
  • ACTUAL_DATA_DIR
  • ACTUAL_ENCRYPTION_PASS
  • LOG_LEVEL

Security Notes

The server correctly uses environment variables for sensitive credentials (e.g., Actual API details, OAuth client secrets, bearer tokens). OAuth token introspection is implemented using standard methods. An `MCP_DANGEROUSLY_ALLOW_INSECURE_ISSUER_URL` flag exists to permit HTTP OAuth issuers, but it is explicitly marked for dev-only use and logs a warning. The primary security risks stem from misconfiguration (e.g., weak bearer tokens, disabling authentication, or using insecure OAuth settings in production) rather than inherent vulnerabilities in the provided source code. No 'eval' or obfuscation was found. The security of the external dependencies (Actual server, Keycloak) is critical but outside this scope.

Stats

  • Interest Score: 33
  • Security Score: 8
  • Cost Class: Low
  • Avg Tokens: 500
  • Stars: 1
  • Forks: 0
  • Last Update: 2025-12-14

Tags

  • MCP Server
  • Actual Budget
  • HTTP API
  • Streaming
  • Financial Management
  • OAuth