hackmd-mcp
Verified Safeby yuna0x0
Overview
The server provides an interface for LLM clients to access and manage HackMD notes, teams, user profiles, and reading history through the HackMD API.
Installation
npx -y hackmd-mcpEnvironment Variables
- HACKMD_API_TOKEN
- HACKMD_API_URL
- PORT
- TRANSPORT
- CORS_ORIGIN
- ALLOWED_HACKMD_API_URLS
Security Notes
The server handles sensitive HackMD API tokens via environment variables or HTTP headers. It includes a feature to restrict allowed HackMD API URLs, which is a good security practice. However, if self-hosting the HTTP transport with a pre-configured token, the README explicitly warns that the endpoint must be protected with authentication, otherwise anyone can access the server using the configured token. There is also a point where base64-encoded config from query parameters is JSON parsed, which, while mitigated by subsequent schema validation, could potentially be a vector for malformed data attacks if not robustly handled by the underlying MCP SDK.
Similar Servers
simplenote-mcp-server
Integrates Simplenote with Claude Desktop as a memory backend or content source via the Model Context Protocol (MCP), enabling AI interaction with user notes.
mcp-server-llmling
mcp-server-llmling serves as a Machine Chat Protocol (MCP) server, providing a YAML-based system to configure and manage LLM applications, including resources, prompts, and tools.
mcp-http-agent-md
This server acts as a central hub for AI agents, managing project knowledge (AGENTS.md), structured tasks, version history, and ephemeral scratchpads, with capabilities to spawn context-isolated subagents for focused tasks.
claude-team-mcp
A multi-agent MCP server designed for AI development teams to facilitate collaboration between various AI models (like GPT, Claude, Gemini) on complex coding and development tasks.