metalsmith-plugin-mcp-server
Verified Safe by wernerglinka
Overview
The Metalsmith Plugin MCP Server provides tools for AI assistants to scaffold, validate, and maintain high-quality Metalsmith plugins, enforcing best practices and modern development standards.
Installation
npx metalsmith-plugin-mcp-server server
Environment Variables
- GH_TOKEN
Security Notes
The server incorporates robust path sanitization (`sanitizePath`) across all tools to prevent directory traversal vulnerabilities. It uses `spawn` and `execSync` for necessary interactions with `npm`, `git`, `eslint`, and `prettier`, which is appropriate for a development tool, and the commands are largely fixed. The server itself actively *validates* user-provided plugins for security anti-patterns like `eval()`, shell execution without input validation, hardcoded secrets, and environment variable logging, indicating strong security awareness in its design. Release processes leverage `gh auth token` for secure GitHub token handling.
Similar Servers
mcpb
This repository provides a CLI tool and library for building, validating, packing, signing, and verifying MCP (Model Context Protocol) Bundles, which are zip archives containing local MCP servers and their metadata for distribution.
claude-prompts
This server provides a hot-reloadable prompt engine with chains, quality gates, and structured reasoning for AI assistants, enhancing control over Claude's behavior in prompt workflows.
mcp-kit
A CLI tool for scaffolding new Model Context Protocol (MCP) applications, including MCP Servers and Clients.
responsible-vibe-mcp
Manages conversation state and guides LLM coding agents through structured software development workflows with long-term project memory and multi-agent collaboration.