XPack-MCP-Marketplace
by xpack-ai
Overview
XPack is an open-source marketplace platform designed to allow users to create and sell their own Model Context Protocol (MCP) services, facilitating AI agent integration with various APIs.
Installation
curl -sSO https://xpack.ai/install/quick-start.sh; bash quick-start.shEnvironment Variables
- MYSQL_ROOT_PASSWORD
- MYSQL_DATABASE
- REDIS_PASSWORD
- RABBITMQ_DEFAULT_USER
- RABBITMQ_DEFAULT_PASS
- PAYMENT_CONFIG_SECRET_KEY
- STRIPE_SECRET
- STRIPE_WEBHOOK_SECRET
- ALIPAY_APP_ID
- ALIPAY_APP_PRIVATE_KEY
- ALIPAY_PUBLIC_KEY
- WXPAY_APP_ID
- WXPAY_MCH_ID
- GOOGLE_CLIENT_ID
- GOOGLE_CLIENT_SECRET
- SMTP_HOST
- SMTP_PORT
- SMTP_USER
- SMTP_PASSWORD
- SMTP_SENDER
- NEXT_PUBLIC_API_URL
- NEXT_PUBLIC_STATIC_URL_PREFIX
- NEXT_PUBLIC_GOOGLE_CLIENT_ID
- NEXT_PUBLIC_MCP_URL
- NEXT_PUBLIC_DOMAIN_HOST
Security Notes
The quick-start script and Docker Compose configuration include critical security risks. All Docker containers are run with `privileged: true`, which grants them root capabilities on the host system, making the host extremely vulnerable. The quick-start script also disables SELinux (`setenforce 0`, `SELINUX=disabled`), further weakening system security. Default hardcoded passwords for MySQL, Redis, and RabbitMQ (e.g., `mysql_ZTdhRB`, `redis_6sJZDm`, `rabbitmq_Gs123dA`, `admin/123456789`) are set, posing a significant risk if not changed immediately. While there's an encryption mechanism for payment configurations (`PAYMENT_CONFIG_SECRET_KEY`), the fundamental deployment approach is severely insecure for a production environment, especially one handling user data and payments.
Similar Servers
mcpo
Exposes Model Context Protocol (MCP) tools as OpenAPI-compatible HTTP servers.
mcp-openapi-server
Exposes OpenAPI endpoints as Model Context Protocol (MCP) tools, enabling Large Language Models (LLMs) to discover and interact with REST APIs through a standardized protocol.
metorial-platform
The Metorial Platform is an open source integration platform for agentic AI, designed to connect any AI model to thousands of APIs, data sources, and tools with a single function call, built to scale to tens or hundreds of thousands of concurrent MCP connections.
paddle-mcp-server
Enables AI agents and LLMs to manage Paddle Billing entities like products, prices, subscriptions, customers, and transactions through a Model Context Protocol (MCP) server.