hackmd-mcp
Verified Safeby yuna0x0
Overview
The server provides an interface for LLM clients to access and manage HackMD notes, teams, user profiles, and reading history through the HackMD API.
Installation
npx -y hackmd-mcpEnvironment Variables
- HACKMD_API_TOKEN
- HACKMD_API_URL
- PORT
- TRANSPORT
- CORS_ORIGIN
- ALLOWED_HACKMD_API_URLS
Security Notes
The server handles sensitive HackMD API tokens via environment variables or HTTP headers. It includes a feature to restrict allowed HackMD API URLs, which is a good security practice. However, if self-hosting the HTTP transport with a pre-configured token, the README explicitly warns that the endpoint must be protected with authentication, otherwise anyone can access the server using the configured token. There is also a point where base64-encoded config from query parameters is JSON parsed, which, while mitigated by subsequent schema validation, could potentially be a vector for malformed data attacks if not robustly handled by the underlying MCP SDK.
Similar Servers
simplenote-mcp-server
Integrates Simplenote with Claude Desktop (or other MCP clients) to provide AI agents with a personal memory backend and content source for note management, advanced search, and organization.
mcp-server-llmling
mcp-server-llmling serves as a Machine Chat Protocol (MCP) server, providing a YAML-based system to configure and manage LLM applications, including resources, prompts, and tools.
mcp-http-agent-md
This server provides a Minimal Model Context Protocol (MCP) HTTP server for managing AI agent projects, structured tasks, and versioned history, enabling subagent orchestration and document management.
google-docs-mcp-server
Facilitates real-time, intelligent interaction with Google Docs by exposing document manipulation tools to large language models.