claude-mermaid
Verified Safe
by veelenga
Overview
Provides an MCP server for rendering Mermaid diagrams in Claude Code with live reload, multiple save formats, and interactive previews.
Installation
claude-mermaid
Environment Variables
- CLAUDE_MERMAID_LOG_LEVEL
Security Notes
The server implements strong security practices, including Content Security Policy (CSP) headers for web previews and robust path validation (`validateSavePath`, `validatePreviewId`) to prevent path traversal attacks when saving or accessing diagrams. Diagrams are rendered by calling `mermaid-cli` through `execFile`, which is generally safer than `exec` because it does not spawn a shell by default. Input parameters for `mermaid-cli` are sanitized or enum-restricted, mitigating command injection risks. No hardcoded secrets or obvious malicious patterns were found. The primary attack surface is `mermaid-cli` itself and its interpretation of diagram code. This is an inherent risk when rendering user-provided code and is not directly attributable to server vulnerabilities.
Similar Servers
spec-workflow-mcp
Facilitates structured, specification-driven software development by providing a workflow engine, real-time dashboards, and tools for task management, approvals, and detailed implementation logging, integrated with AI agents and VSCode.
mcp-mermaid
Generate Mermaid diagrams and charts from textual syntax, primarily for AI models or documentation platforms to visualize information dynamically.
memory-graph
A graph-based MCP server that provides intelligent memory capabilities for Claude Code, enabling persistent knowledge tracking, relationship mapping, and contextual development assistance.
install-this-mcp
The tool generates comprehensive, client-specific installation guides for remote Model Context Protocol (MCP) servers, reducing friction for server maintainers.