Hello guys I have just built this
You just run 1 command and all your agents gets a 4000+ skill and 2000+ mcp that they can get at anytime + it's a shared network for all agents where your agent can learn from other agents mistakes
I am willing to give 10 pro access for free if you have time to test it and give me a real feedback about how we can improve it
Running 5 mcp servers for claude code (filesystem, postgres, github, couple internal tools) and just realized they're all completely open. No auth, no scoping, no rate limits. Anyone's agent session can hit any tool with full permissions. The mcp spec doesn't have opinions about any of this which makes it worse.
Now my team wants access and I'm not comfortable just handing them the same unrestricted setup. How are people handling it when multiple devs share the same infrastructure?
Disclosure: I built this. Posting under showcase tag per rule 4.
A few months back, I was reviewing an MCP server that declared `["search_docs"]` in its manifest. Reading Python source, I found a `@tool` calling `psql -c "$user_input"`, plus imports of `subprocess` and `requests`. The manifest said one thing. The code did several other things. Bandit, Semgrep, and gitleaks all ran clean. None of them parse MCP manifests, none of them cross-reference declared tools against actual code reach.
So I built that rule: `agent.declared_vs_imported_delta`. It parses the MCP manifest, walks the Python AST, and reports tools the agent can actually invoke that were never declared. Have not found another static scanner doing this cross-reference. If I missed one, I would genuinely like to know.
Lurkr ended up with 13 more rules around MCP and AI-agent code. Two that are specifically MCP-relevant:
- `agent.unverified_mcp_endpoint` flags manifest pointing at external MCP server URLs without identity verification or transport security
- `tool.shell_without_approval` flags MCP tool manifest, enabling shell execution without an explicit approval flag
The rest cover credential flows into LLM completion calls, eval/subprocess inside `@tool` functions, prompt-template interpolation of user input, plus hygiene basics (hardcoded API keys, unencrypted PEMs, deploy workflows without approval).
Ran it across 20 public agent reference repos, including several MCP server implementations. 665 findings, median 3.5 per repo. Synthetic TP checks, clean-control FP checks, and a 30-finding manual audit (labels: TP / expected-example / noise) live in `docs/LURKR_BENCHMARK.md`. The audit is honest about the noise floor.
Static-only. Read-only. No network calls during scan. MIT.
pip install lurkr
lurkr scan --path ./your-mcp-server
Source: github.com/agentveil-protocol/lurkr
Scope today: Python MCP servers get bounded AST + manifest analysis. TypeScript and JavaScript MCP servers get manifest and endpoint rules, but not code-level rules yet.
If you run an MCP server in production, what risk patterns are you currently scanning for, and what gaps do you see in the static-analysis coverage specifically for MCP?
hi all, i’ve been using personal agents for a while now and they’re pretty good at some things and really bad at others. one thing that annoys me is that i always felt like they never really understood my vibe.
what does that even mean? well they’re really good at doing what they’re told to do, but sometimes youre just looking to explore options, and don’t really know what you’re looking for. in cases like these i feel like its really important for you to define what you consider good “taste”, otherwise you’ll end up with subpar results.
for example: i can give an agent an image and tell it to create a workflow to shop for the specific items in that image. it’s good at things like that. OR, i can tell an agent to go shop for me, and it doesn’t know wtf to even look for because it doesn’t know what i consider “good” and completely misses the mark.
i’m building for that second use case and would really love to get feedback for anyone interested! happy to compensate for your time.
here’s our landing page: https://inspoboard-two.vercel.app/agents
Cloud code has MCP and people are building tools around it
What is there in codeex and how to build things like MCP?
Hi folks,
I’m currently trying to extend my existing MCP server with the ability to analyze large files, but I’m running into some issues.
The files I want to analyze range from around 100 KB to 1 GB. The main problem is that my server needs to run remotely, so simply passing a local file path and having the MCP server load the file does not work in my case.
I brainstormed this with Claude and ChatGPT and came up with a chunked upload approach, where the file is split into several chunks and uploaded to the MCP server. Each chunk would be sent as a separate tool call.
After several iterations, I still haven’t managed to get this approach working reliably, and I’ve burned through a lot of tokens during test uploads. I’m wondering whether I’m the only one facing this problem, or if there is an established concept or design pattern for solving it.
Has anyone else run into this issue and maybe found a good solution?
Hi Reddit,
Over the last few weeks, my team and I at Alpic have been working on a complete revamp of the Skybridge framework to make it as smooth and easy to get started with as possible.
As you may know, Skybridge is an open-source framework we built to help developers get started with MCP apps. It’s a thin layer on top of the official TypeScript SDK that provides the wiring and tooling needed specifically for apps.
With this v1 release, we’ve introduced:
We also stabilized the API with a simplified design and are proud to offer strong tool-to-component type safety.
It’s now also possible to deploy Skybridge outside of Alpic. While Alpic was designed specifically for MCP app hosting, we understand that some users may prefer hosting on different stacks for their own reasons.
Hope you enjoy it!
I built a small open-source MCP server for Jira Tempo.
The reason was pretty simple: I didn't want to manually log time every day anymore.
It's not difficult, but it is repetitive. Open Jira, find the issue, open Tempo, create the worklog, write the description, repeat the same thing tomorrow.
Since I already use Claude and agents for parts of my workflow, I wanted to move this into the same flow. Now after finishing a work session, I can ask the agent to log the time instead of doing it manually.
Current tools:
- create worklog
- bulk create worklogs
- retrieve worklogs
- edit/delete worklogs
- find missing worklog days
- get basic worklog analytics
It supports Claude, Codex, Cursor and any other MCP-compatible clients.
I’m sharing it mostly to get feedback from people building or using MCP workflows. Curious if others are automating similar small but annoying dev admin tasks.
Repo:
I’ve been working on Gutenberg CLI, an open-source tool for turning API surfaces into usable local tools for AI agents.
The idea is simple: most agent tooling still relies on hand-written glue code. Gutenberg takes an API spec or capture and generates a complete tool surface that agents can actually use.
It can generate:
Inputs include OpenAPI, HAR captures, GraphQL, Postman/Insomnia exports, JSON endpoints, and curl-style workflows.
The part I care about most is verification. Generated tools are checked with build, CLI smoke tests, MCP handshake, and Go tests before being treated as usable. The repo also includes a catalog of verified examples and generated tools.
This is not meant to be “just generate some code”. The goal is to generate tools that are safe enough and predictable enough for agents to call locally.
I’d love feedback from people building MCP servers, agent frameworks, internal tools, or API automation systems. Especially curious whether verification proofs and dry-run/default safety policies feel useful, or overkill.
Free Google search MCP that actually works.
(Demo runs Chrome visibly for clarity. Actual usage runs headless by default.)
✅ Actually works (tested 6 free MCPs, all failed)
✅ Search + URL extract in one MCP (replaces the usual search MCP + fetch MCP combo)
✅ 4 tools: `search` / `search_parallel` / `extract` / `search_extract`
✅ No API key, no proxies, no solver
✅ Auto CAPTCHA recovery (Chrome opens, human solves once, retries)
When CAPTCHA fires on any tool, a visible Chrome window opens for a human to solve. Each solve preserves the profile's reputation with Google. Built for sustainable, ethical use.
Speed (1Gbps):
- sequential: ~1.5s/q (warm)
- 4 parallel: ~2s wall
- 10 parallel: ~5s wall
Tools: 'search' / 'search_parallel' / 'extract(url)' / 'search_extract(query)'. Last one bundles search + parallel article extraction (Readability + Turndown).
Stack: TS, Playwright + stealth, Readability, Turndown. ~600 LOC.
💻 https://github.com/HarimxChoi/google-surf-mcp
📦 https://www.npmjs.com/package/google-surf-mcp
⭐ Star helps a solo dev keep maintaining.
Ask me anything about architecture, reliability, or scaling.
Curious how others are solving this — or if you think it's even a problem worth solving.
My setup right now: Claude Code in one terminal working on the backend, Cursor in another terminal working on the frontend. Both speak MCP, both have their own context, both are doing useful work. But they have no idea the other exists.
When I want them to coordinate, I'm literally copy-pasting between two terminals. Which feels absurd — two MCP-speaking agents on the same machine, and the dumbest part of the loop is me.
Some patterns I've seen people try:
**One mega-agent** — give a single agent every tool and let it do everything. Works until the context window fills up and the prompt gets unfocused.
**Manual relay** — what I'm doing now. Doesn't scale past 5 minutes.
**Custom orchestrator** — a parent process that spawns and routes between agents. Real engineering effort, very tied to your specific use case.
**Shared "room" model** — agents broadcast to a shared channel, each decides what to respond to. Inspired by IRC / Slack.
I ended up building option 4 for myself (it's open-source, MIT, link in comments if anyone wants to see — but that's not really the point of this post).
Genuinely curious:
- Are you running multi-agent setups at all, or sticking to one big agent?
- If multi-agent, how are you handling the cross-talk problem?
- Is there a pattern I'm missing?
Like many of you, we struggled with sending massive, messy JSON responses from existing APIs to LLMs. It wastes tokens, increases latency, and honestly, most models get lost in the noise.
That’s why we built reShapr: an open source, no-code MCP Server that acts as an intelligent proxy between your LLM and your APIs (REST, GraphQL, gRPC).
The Goal: Reshape complex API payloads into lean, structured context before it hits the model.
We are firm believers in the power of open source. reShapr was launched by the maintainers of Microcks, a CNCF incubating project. Just like with Microcks, we are fully community-driven and committed to the "open" in open source.
I'm posting here to grab feedback. If you like the vision, please join the community and help us shape the future of API-to-LLM integration!
Get Started:
We want to hear from you! How are you handling API-to-AI context today? Would love to hear your thoughts, feature requests, or even your "nightmare JSON" stories.
I kept running into the same two problems when using LLMs to generate n8n workflows:
main connections for sub-nodes (language model, memory, tools) instead of typed connections (ai_languageModel, ai_memory, ai_tool). The workflow imports fine, looks fine, and then the agent runs completely blind at execution time.So I built u/automatelab/n8n-mcp - an MCP server with nine tools split across two modes.
Stateless tools (no n8n instance needed):
Live-instance tools (need your API key):
The stateless tools are the main thing. You can ask Claude in any MCP-capable host (Cursor, Claude Desktop, Cline, Windsurf, Zed, Continue, Goose) to build or debug a workflow without touching your n8n instance at all. The validation step catches schema errors, deprecated nodes (function -> code), and the zero-item trap before you ever import anything.
It's distinct from czlonkowski/n8n-mcp which focuses on breadth (20+ tools, node documentation indexing). This one is narrower: authoring correctness and execution diagnostics.
Install:
npm install -g u/automatelab/n8n-mcp
Then add it to your MCP host config. Full setup for each host is in the docs.
Repo: https://github.com/ratamaha-git/n8n-mcp Write-up with examples: https://automatelab.tech/n8n-mcp-server/
MIT licensed. Happy to answer questions about how the validation logic works or what specific error patterns it catches.
I built a small open-source CLI for MCP server authors who use stdio transport.
The problem it checks for is simple but painful: any console.log(), print(), or other stdout text can corrupt the JSON-RPC stream. The tool runs a real initialize handshake, optionally sends a request like tools/list, allows stderr logs, and fails on stdout pollution, invalid JSON-RPC frames, crashes, timeouts, or missing responses.
Install/test:
npx --yes mcp-stdio-guard -- <your-server-command>
Repo:
https://github.com/1Utkarsh1/mcp-stdio-guard
I would love feedback from people building MCP servers: what other stdio/protocol failures should it catch?
We just launched an official MCP server for Claude that lets Claude work directly with your trips, itineraries, activities, stays, transportation, and expenses.
MCP URL: https://mcp.tripsy.app
Once connected, Claude can do things like:
A few examples I’ve been using:
>“Reorganize my Tokyo itinerary to minimize transit time.”
>“Add three highly rated ramen restaurants near my hotel in Shinjuku.”
>“Move outdoor activities to the days with better weather.”
>“My flight arrives six hours late. What should I move to another day?”
>“Create a five-day Kyoto itinerary focused on food, temples, and quieter neighborhoods.”
The nice part is that Claude is working with structured trip data through MCP instead of trying to infer everything from pasted text.
The MCP server currently exposes tools for:
Some available tools include:
Setup in Claude takes about a minute:
There’s also a CLI if anyone wants to automate workflows or use Tripsy from the terminal: https://github.com/tripsyapp/cli
You can check more details about this here: https://tripsy.app/claude
Happy to answer technical questions about the MCP implementation, tools, auth flow, or use cases.
Hey everyone,
We built opendesk: it lets AI agents control your desktop using computer use MCP that can integrate with your custom workflow.
Today we shipped something a bit wild:
Your AI can now see, click, type, and navigate on a completely different computer, over your WiFi.
You can pair them once and your agent can control it all from a single conversation.
No cloud, account login, or servers in the middle. Everything stays on your local network, fully encrypted.
Free and open source — Mac, Linux, and Windows.
github.com/vitalops/opendesk
Happy to answer any questions!
Just shipped v0.1.0 of something I've been building. Sharing because I haven't seen anyone solve this end-to-end as a self-hostable thing.
The problem. AI agents (Claude, ChatGPT, Cursor, in-house bots) are starting to make real calls into production APIs. Most companies are handing them a single long-lived API key and praying. There's no per-request audit, no per-agent revocation, no policy layer, no human-in-the-loop for sensitive mutations.
What GetMCP does:
- Generates two MCP servers from any OpenAPI spec: Internal (full surface) and External (scoped/customer-safe). LLM-classified, human-overridable per endpoint.
- Runs as a streaming proxy in front of them : auth, agent identity (revocable in 5s), 5 rule types (allowlist / block / audit / rate-limit / Slack approval).
- Tamper-evident audit log, every call writes one row to a per-org sha256 hash chain. GET /audit/verify walks it end-to-end. Property-tested with 200 random inserts + 50 random tampers, all detected.
- Slack approvals with HMAC-signed callbacks and an idempotent state machine.
Stack: NestJS + Postgres + React. Apache 2.0. Single bash command to bootstrap (./deploy/scripts/bootstrap.sh) generates secrets, brings up Postgres + API + dashboard, seeds a demo org. Helm chart included for k8s. No telemetry, no phone-home, no license server.
Repo: https://github.com/Rayenbabdallah/GetMCP
Looking for honest feedback especially from anyone who's tried to safely expose APIs to AI agents in their homelab or at work. What did I miss? Where's the ergonomics broken? PRs welcome.
Hey all,
I have been building MCP servers for a few months now and the cross-client testing situation is killing me. I wanted to see if this is just a skill issue before I go build something.
Last week I had an MCP that worked perfectly in Claude Desktop, exposed all 12 tools in Gemini CLI, but in Copilot CLI it showed zero tools. No error, no warning, no log entry. Just silent failure. It took me about 4 hours of adding print statements everywhere to figure out it was choking on a specific JSON schema field that Copilot's client parses more strictly than the others.
This keeps happening. I found out that different LLMS have different tolerances for schema quirks, different auth handshakes, different timeout behaviors.
So I have been thinking about building something that runs your MCP server against a bunch of real agent clients (Claude Desktop, OpenAI Agents SDK, Gemini, etc.) and tells you where it breaks and why. It may run as a CLI or a GitHub Action on every PR.
Before I start developing this, I would love a sanity check:
Thanks for any feedback!
One of the small failure modes I keep hitting with agent stacks is that the model has no idea how much time passed between turns. It'll greet you with "good morning" at 11 PM, or pick up a conversation three weeks later as if no time has passed, or compute "today's data" off whatever fragment of context happens to be in scope.
Built a minimal MCP server to fix it. Two tools: temporal_tick and temporal_peek. They return elapsed-time-since-last-turn, day-rollover detection, and a fresh-thread flag, both as a human-readable header and as JSON.
Ways to use:
Local stdio: pip install temporal-mcp (works with Claude Desktop, Cursor, Cline, Zed, Claude Code)
Hosted with OAuth (claude.ai / ChatGPT): visit https://temporal-mcp.dev/connect, click "Generate OAuth Credentials", paste into your custom connector. Full OAuth 2.0 with PKCE and refresh tokens, but no signup, the credential pair is the identity. (Verified working in claude.ai).
Hosted with raw bearer (any client that supports custom headers): Authorization: Bearer <any-opaque-string> against https://temporal-mcp.dev/mcp. The token gets SHA-256'd; we never see the plaintext.
Self-host: Cloudflare Workers deploy in workers/ in the repo, free tier covers ~100k req/day.
Grok/xAI: https:temporal-mcp.dev/mcp/<string> (Verified working with Grok)
MIT, ~150 lines of stdlib Python on the local side, ~400 lines of TypeScript on the hosted side (engine + OAuth provider), both with tests. Listed in the official MCP Registry. Smithery and Glama submissions in flight.
Curious to hear how folks would use the JSON day_rollover and delta_sec signals. I've been using them for context decay and resume detection but there are probably more interesting use cases.
Source: github.com/MirrorEthic/temporal-mcp
Every time I started a new session with Claude Code or Cursor, the agent had zero memory of what we'd done before. Architecture decisions, recurring bugs, project preferences — gone.
So I built MemoryMesh: an MCP server that indexes your local files and gives any MCP-compatible agent persistent memory across sessions. Semantic search, real-time file watcher, tiered memory with decay, 47 data source connectors. Everything runs locally, nothing to the cloud. It's on GitHub under kilhubprojects/memory-mesh and on PyPI as memorymesh-mcp. It's new.
I'd genuinely like to know where it breaks — especially on Cursor, Windsurf, or custom MCP setups. What doesn't work for you?
