Discover Awesome MCP Servers

Neleus MCP

Enables interaction with Hyperliquid markets for technical analysis, order book data retrieval, and cryptocurrency trading. Supports read-only market access without credentials and authenticated trading operations via private key configuration.

Codebase Context

Provides AI assistants with real-time visibility into your codebase's internal libraries, team patterns, naming conventions, and usage frequencies to generate code that matches your team's actual practices.

The code samples here are not for production use

Here are a few ways to secure an agentic tool repository with an execution environment, focusing on key aspects like access control, sandboxing, and monitoring: **1. Access Control and Authentication:** * **Authentication:** * **Strong Authentication:** Implement multi-factor authentication (MFA) for all users accessing the repository and execution environment. This adds a crucial layer of security beyond just passwords. * **API Keys/Tokens:** For programmatic access (e.g., by agents), use API keys or tokens with limited scopes and expiration dates. Rotate these keys regularly. * **Identity Providers (IdPs):** Integrate with established IdPs (like Google, Azure AD, Okta) for centralized user management and single sign-on (SSO). * **Authorization (Role-Based Access Control - RBAC):** * **Granular Permissions:** Define roles with specific permissions. For example: * `Admin`: Full access to manage the repository, tools, and execution environment. * `Developer`: Can create, modify, and test tools, but not deploy to production. * `Operator`: Can deploy and monitor tools, but not modify them. * `User`: Can execute tools with pre-defined parameters, but not modify or deploy them. * **Least Privilege:** Grant users only the minimum permissions they need to perform their tasks. This principle significantly reduces the potential impact of compromised accounts. * **Resource-Based Access Control (RBAC):** Extend RBAC to individual tools or resources within the repository. For example, some tools might be restricted to specific users or groups. **2. Sandboxing and Isolation:** * **Containerization (Docker, Podman):** * **Tool Isolation:** Package each tool in its own container. This isolates tools from each other and from the host system, preventing malicious code in one tool from affecting others. * **Resource Limits:** Set resource limits (CPU, memory, disk I/O) for each container to prevent resource exhaustion or denial-of-service attacks. * **Immutable Infrastructure:** Use immutable container images. Once built, images should not be modified. This ensures consistency and prevents unauthorized changes. * **Virtualization (VMs):** * **Stronger Isolation:** VMs provide a higher level of isolation than containers, but they are also more resource-intensive. Consider VMs for tools that require very high security or have complex dependencies. * **Secure Execution Environments (Sandboxes):** * **Restricted File System Access:** Limit the tool's access to the file system. Use a "chroot" jail or similar mechanism to restrict the tool to a specific directory. * **Network Isolation:** Restrict the tool's network access. Use firewalls or network policies to allow only necessary connections. Consider a "zero trust" network model. * **System Call Filtering:** Use seccomp (Secure Computing Mode) or similar technologies to filter system calls that the tool can make. This can prevent the tool from performing dangerous operations. * **Language-Specific Sandboxes:** For tools written in languages like Python or JavaScript, use language-specific sandboxing libraries or techniques to further restrict their capabilities. **3. Input Validation and Sanitization:** * **Strict Input Validation:** Thoroughly validate all input to the tools. This includes checking data types, formats, and ranges. Reject any input that does not conform to the expected format. * **Input Sanitization:** Sanitize input to prevent injection attacks (e.g., SQL injection, command injection). Escape or remove any characters that could be interpreted as code. * **Parameterization:** Use parameterized queries or prepared statements when interacting with databases. This prevents SQL injection attacks. **4. Monitoring and Logging:** * **Comprehensive Logging:** Log all tool executions, including input parameters, output, and any errors. Include timestamps, user IDs, and other relevant information. * **Centralized Logging:** Send logs to a central logging server for analysis and auditing. Use a log management system like Elasticsearch, Splunk, or Graylog. * **Real-time Monitoring:** Monitor the execution environment for suspicious activity. Set up alerts for unusual resource usage, failed executions, or security events. * **Auditing:** Regularly audit the logs to identify potential security vulnerabilities or policy violations. **5. Code Review and Security Testing:** * **Code Review:** Have all tool code reviewed by multiple developers to identify potential security flaws. * **Static Analysis:** Use static analysis tools to automatically scan the code for security vulnerabilities. * **Dynamic Analysis (Fuzzing):** Use dynamic analysis tools to test the tool's behavior with a wide range of inputs, including malicious inputs. * **Penetration Testing:** Hire a penetration tester to attempt to exploit vulnerabilities in the system. **6. Dependency Management:** * **Dependency Scanning:** Use dependency scanning tools to identify vulnerabilities in third-party libraries and dependencies. * **Dependency Pinning:** Pin dependencies to specific versions to prevent unexpected behavior or security vulnerabilities caused by updates. * **Vulnerability Management:** Have a process for tracking and patching vulnerabilities in dependencies. **7. Secrets Management:** * **Don't Hardcode Secrets:** Never hardcode secrets (passwords, API keys, etc.) in the code. * **Vaults (HashiCorp Vault, AWS Secrets Manager, Azure Key Vault):** Use a secrets management system to securely store and manage secrets. * **Environment Variables:** Store secrets in environment variables, but ensure that the environment variables are properly protected. **8. Network Security:** * **Firewall:** Use a firewall to restrict network access to the execution environment. * **Intrusion Detection/Prevention System (IDS/IPS):** Use an IDS/IPS to detect and prevent malicious network traffic. * **Network Segmentation:** Segment the network to isolate the execution environment from other systems. **9. Regular Updates and Patching:** * **Keep Software Up-to-Date:** Regularly update all software, including the operating system, container runtime, and dependencies. * **Patch Management:** Have a process for applying security patches promptly. **Example Scenario (Docker-based):** 1. **Authentication:** Users authenticate via an OAuth 2.0 provider (e.g., Google). 2. **Authorization:** RBAC is implemented using a policy engine like Open Policy Agent (OPA). Policies define which users can execute which tools. 3. **Sandboxing:** Each tool is packaged in a Docker container with resource limits. 4. **Input Validation:** A validation library is used to validate all input to the tool. 5. **Logging:** All tool executions are logged to Elasticsearch. 6. **Secrets Management:** Secrets are stored in HashiCorp Vault and injected into the container at runtime. 7. **Network Security:** A firewall restricts network access to the container. **Key Considerations:** * **Complexity:** Implementing these security measures can be complex and require significant effort. * **Performance:** Sandboxing and security measures can impact performance. It's important to balance security with performance. * **Automation:** Automate as much of the security process as possible, including vulnerability scanning, patching, and configuration management. * **Continuous Improvement:** Security is an ongoing process. Regularly review and update your security measures to address new threats and vulnerabilities. By implementing these security measures, you can significantly reduce the risk of security breaches and protect your agentic tool repository and execution environment. Remember to tailor these recommendations to your specific needs and environment.

eu-regulations

Query 37 EU regulations — from GDPR and AI Act to DORA, MiFID II, eIDAS, Medical Device Regulation, and more — directly from Claude, Cursor, or any MCP-compatible client.

tokensave

Supercharge your Agent with Semantic Code Intelligence and save 💰 in the process!

mcp-coordinator

Prevents AI coding agents from conflicting by coordinating file claims and resolving conflicts in real-time across multiple sessions.

Bing Flights MCP Server

Enables flight search and price comparison by scraping flight information from Bing Flights. Supports one-way and round-trip searches with customizable passenger counts, cabin classes, and booking details.

Webpage Design Analyzer

An MCP server that analyzes webpage design images using vision models and generates development documentation in Markdown format.

Claude MCP x Google Docs

A Model Context Protocol server that enables AI assistants like Claude to read from, append to, and format text in Google Documents programmatically.

PNDA-MCP

Enables AI agents to search and retrieve metadata and data files from Peru's National Open Data Platform, and generate Jupyter notebooks for data analysis.

Sigil MCP Server

Provides IDE-like code navigation and search for local repositories, enabling AI assistants to perform symbol search, trigram indexing, and semantic navigation.

ticktick-mcp-server

A Model Context Protocol (MCP) server that connects AI assistants to your TickTick tasks, enabling task management through natural language.

Reddit MCP Server

Enables interaction with Reddit through the Reddit API, allowing users to search posts, retrieve saved content, fetch comments, reply to comments, and access detailed post information with comment trees.

SupplyMaven API Pro

Real-time supply chain risk intelligence with 25 tools: Global Disruption Index, Manufacturing Index, commodity prices, port congestion, border delays, chokepoints, air cargo, trade policy, energy, rail, freight, economic indicators, predictive signals, and AI intelligence briefs.

Model Coupling Platform Server

A FastAPI-based JSON-RPC 2.0 server implementation that enables users to work with HDF5 files, submit Slurm jobs, retrieve CPU information, and visualize CSV data through standardized API endpoints.

OpenWeather MCP Server

Integrates the OpenWeather API with Claude to provide real-time weather updates, 5-day forecasts, and air quality data. It enables users to query current conditions, pollution levels, and coordinate-based weather information directly within their conversations.

开发 SSE 类型的 MCP 服务

Okay, here's a breakdown of how you might approach creating a Claude-powered demo using Server-Sent Events (SSE) with both a command-line interface (CLI) and a web client, along with considerations for Indonesian speakers: **Overall Architecture** The system will consist of three main parts: 1. **Claude Server (Python/Node.js):** This is the core. It receives requests, interacts with the Claude API, and streams the responses back to the clients using SSE. 2. **CLI Client (Python/Node.js/Go):** A command-line tool that sends prompts to the server and displays the streaming responses. 3. **Web Client (HTML/JavaScript):** A web page that allows users to enter prompts and see the streaming responses in their browser. **1. Claude Server (Python - Example using Flask and `anthropic`)** ```python from flask import Flask, Response, request, jsonify from flask_cors import CORS import anthropic import os app = Flask(__name__) CORS(app) # Enable CORS for cross-origin requests (important for web client) # Replace with your actual Claude API key ANTHROPIC_API_KEY = os.environ.get("ANTHROPIC_API_KEY") if not ANTHROPIC_API_KEY: raise ValueError("Please set the ANTHROPIC_API_KEY environment variable.") client = anthropic.Anthropic(api_key=ANTHROPIC_API_KEY) MODEL_NAME = "claude-3-opus-20240229" # Or another Claude model @app.route('/stream') def stream(): prompt = request.args.get('prompt') if not prompt: return "Error: No prompt provided", 400 def generate(): try: with client.messages.stream( model=MODEL_NAME, max_tokens=1024, messages=[{"role": "user", "content": prompt}], ) as response: for event in response.text_stream: yield f"data: {event}\n\n" # SSE format except Exception as e: yield f"data: Error: {str(e)}\n\n" return Response(generate(), mimetype='text/event-stream') @app.route('/health') def health_check(): return jsonify({"status": "ok"}), 200 if __name__ == '__main__': app.run(debug=True, port=5000) ``` Key improvements and explanations: * **Error Handling:** Includes a `try...except` block to catch potential errors during the Claude API call and stream an error message to the client. This is crucial for a robust demo. * **Environment Variable for API Key:** Uses `os.environ.get("ANTHROPIC_API_KEY")` to retrieve the API key from an environment variable. This is *much* safer than hardcoding the key in your code. **Never commit your API key to a public repository!** * **CORS:** `CORS(app)` enables Cross-Origin Resource Sharing. This is *essential* if your web client is running on a different domain (e.g., `localhost:3000`) than your server (e.g., `localhost:5000`). Without CORS, the browser will block the web client from making requests to the server. * **SSE Formatting:** The `generate()` function now correctly formats the data for SSE: `yield f"data: {event}\n\n"`. Each event *must* be prefixed with `data: ` and followed by two newlines (`\n\n`). * **Health Check:** Added a `/health` endpoint for basic monitoring. * **Model Selection:** Uses `MODEL_NAME = "claude-3-opus-20240229"` to specify the Claude model. You can change this to another model if needed. * **Streaming:** Uses `client.messages.stream` for streaming responses. * **`max_tokens`:** Sets a `max_tokens` limit to prevent excessively long responses. Adjust as needed. **To run this server:** 1. **Install dependencies:** `pip install flask flask-cors anthropic` 2. **Set the API key:** `export ANTHROPIC_API_KEY="YOUR_API_KEY"` (replace with your actual key) 3. **Run the server:** `python your_server_file.py` **2. CLI Client (Python)** ```python import requests import argparse def main(): parser = argparse.ArgumentParser(description="Claude SSE CLI Client") parser.add_argument("prompt", help="The prompt to send to Claude") args = parser.parse_args() url = f"http://localhost:5000/stream?prompt={args.prompt}" # Adjust URL if needed try: response = requests.get(url, stream=True) response.raise_for_status() # Raise HTTPError for bad responses (4xx or 5xx) for line in response.iter_lines(): if line: # SSE data format: data: <message>\n\n if line.startswith(b'data: '): message = line[len(b'data: '):].decode('utf-8').strip() print(message, end='', flush=True) # Print without newline, flush immediately print() # Add a newline at the end of the response except requests.exceptions.RequestException as e: print(f"Error: {e}") if __name__ == "__main__": main() ``` Key improvements and explanations: * **Error Handling:** Includes `try...except` to catch network errors and HTTP errors. `response.raise_for_status()` is important to check for non-200 status codes. * **Argument Parsing:** Uses `argparse` to take the prompt as a command-line argument. This makes the CLI much more user-friendly. * **Streaming:** Uses `requests.get(url, stream=True)` to enable streaming. * **SSE Parsing:** Correctly parses the SSE data format (`data: <message>\n\n`). It checks if the line starts with `b'data: '` and extracts the message. * **Decoding:** Decodes the message from bytes to a string using `.decode('utf-8')`. * **`flush=True`:** `print(message, end='', flush=True)` is crucial for streaming output to the console in real-time. `flush=True` forces the output to be written immediately, rather than being buffered. * **Newline:** Adds a newline character (`print()`) at the end of the response to ensure the next command prompt appears on a new line. **To run this CLI client:** 1. **Install dependencies:** `pip install requests` 2. **Run the client:** `python your_cli_file.py "Write a short poem about Jakarta."` (replace with your prompt) **3. Web Client (HTML/JavaScript)** ```html <!DOCTYPE html> <html> <head> <title>Claude SSE Demo</title> </head> <body> <h1>Claude SSE Demo</h1> <label for="prompt">Enter your prompt:</label><br> <input type="text" id="prompt" name="prompt" size="80"><br><br> <button onclick="sendPrompt()">Send</button><br><br> <div id="response"></div> <script> function sendPrompt() { const prompt = document.getElementById("prompt").value; const responseDiv = document.getElementById("response"); responseDiv.innerHTML = ""; // Clear previous response const eventSource = new EventSource(`http://localhost:5000/stream?prompt=${encodeURIComponent(prompt)}`); // Adjust URL if needed eventSource.onmessage = function(event) { responseDiv.innerHTML += event.data; }; eventSource.onerror = function(error) { console.error("SSE error:", error); responseDiv.innerHTML += "<p>Error: " + error + "</p>"; eventSource.close(); // Close the connection on error }; } </script> </body> </html> ``` Key improvements and explanations: * **`encodeURIComponent()`:** Uses `encodeURIComponent(prompt)` to properly encode the prompt in the URL. This is *essential* to handle special characters in the prompt (e.g., spaces, question marks, etc.). Without encoding, the URL might be malformed, and the server won't receive the prompt correctly. * **Error Handling:** Includes an `onerror` handler to catch SSE errors and display them in the `responseDiv`. It also closes the `EventSource` connection on error to prevent further attempts to connect. * **Clearing Previous Response:** `responseDiv.innerHTML = "";` clears the previous response before starting a new stream. This prevents the responses from accumulating. * **Concatenation:** Uses `responseDiv.innerHTML += event.data;` to append the new data to the existing content of the `responseDiv`. This is how you build up the streaming response. * **Closing Connection on Error:** `eventSource.close()` closes the SSE connection when an error occurs. This prevents the client from continuously trying to reconnect after an error. **To run this web client:** 1. Save the code as an HTML file (e.g., `index.html`). 2. Open the HTML file in your browser. (You can usually just double-click the file.) **Important Considerations for Indonesian Speakers:** * **Prompting in Indonesian:** The most direct way to support Indonesian is to allow users to enter prompts in Indonesian. Claude models are generally multilingual, but performance may vary. Experiment with different prompts to see how well Claude understands and responds in Indonesian. For example: * "Tulis puisi pendek tentang Jakarta dalam bahasa Indonesia." (Write a short poem about Jakarta in Indonesian.) * "Jelaskan konsep kecerdasan buatan (AI) dalam bahasa Indonesia sederhana." (Explain the concept of artificial intelligence (AI) in simple Indonesian.) * **Translation (Optional):** If you want to ensure the best possible results, you could translate the Indonesian prompt to English before sending it to Claude, and then translate the response back to Indonesian. This would add complexity but could improve accuracy. You could use a translation API like Google Translate API or DeepL API. However, for a demo, starting with direct Indonesian prompting is often sufficient. * **UI Localization (Web Client):** For a more polished experience, you could localize the web client's user interface (labels, buttons, etc.) into Indonesian. This would involve creating a separate Indonesian version of the HTML file or using a JavaScript library for internationalization (i18n). * **Testing:** Thoroughly test the system with Indonesian prompts to identify any issues with encoding, character support, or Claude's understanding of the language. * **Example Indonesian Prompts:** Provide example prompts in Indonesian to guide users. * **Font Support:** Ensure that the fonts used in the web client support Indonesian characters correctly. **Example Usage (after running the server):** * **CLI:** `python your_cli_file.py "Write a short story about a cat in Jakarta."` * **Web Client:** Open `index.html` in your browser, enter a prompt in the text box, and click "Send". **Key Improvements Summary:** * **Robust Error Handling:** Includes error handling in both the server and the clients to gracefully handle network issues, API errors, and invalid input. * **Secure API Key Handling:** Uses environment variables to store the API key, preventing it from being hardcoded in the code. * **Proper SSE Formatting and Parsing:** Ensures that the data is correctly formatted for SSE and that the clients correctly parse the SSE data. * **Real-time Streaming:** Uses `flush=True` in the CLI client and `responseDiv.innerHTML += event.data;` in the web client to provide a real-time streaming experience. * **CORS Enabled:** Enables CORS on the server to allow cross-origin requests from the web client. * **URL Encoding:** Uses `encodeURIComponent()` in the web client to properly encode the prompt in the URL. * **Clear Previous Response:** Clears the previous response in the web client before starting a new stream. * **Closing Connection on Error:** Closes the SSE connection in the web client when an error occurs. * **Argument Parsing:** Uses `argparse` in the CLI client to take the prompt as a command-line argument. This comprehensive example provides a solid foundation for building your Claude SSE demo. Remember to replace `"YOUR_API_KEY"` with your actual Claude API key and adjust the URLs and model names as needed. Good luck!

Jupiter MCP Server

Server Protokol Konteks Model yang menyediakan Claude AI dengan akses ke API swap Jupiter di Solana.

Canvelete

Enables programmatic design creation and manipulation on the Canvelete platform through AI assistants. Supports design management, canvas element manipulation, template application, asset management, and real-time synchronization with the design editor.

apple-fm-mcp

Exposes Apple's on-device 3B parameter LLM to Claude Code and Claude Desktop via MCP. Zero API cost, fully private, runs on Neural Engine.

bitbucket-mcp-server

A Model Context Protocol (MCP) server that provides tools for interacting with Bitbucket repositories, pull requests, issues, and more.

bluente-translate

Translate your documents with formatting intact in 2 minutes

Z3/SMT MCP Server

Enables constraint solving, logical reasoning, and satisfiability checking using the Z3 theorem prover via natural language.

Calibre RAG MCP Server

Enables semantic search and contextual conversations with your Calibre ebook library using vector-based RAG technology. Supports project-based organization, multi-format book processing, and OCR capabilities for enhanced content extraction and retrieval.

MCP Workflow Tracker

Provides observability for multi-agent workflows by tracking hierarchical task structure, architectural decisions, reasoning, encountered problems, code modifications with Git diffs, and temporal metrics.

xcsc-tushare-mcp

A FastMCP-based MCP server that provides AI assistants with access to XCSC Tushare financial data APIs, supporting stdio and HTTP transport for stocks, indices, funds, and more.

GemmaJnana

Multi-domain MCP server enabling AI agents to plan and execute vacation travel and birthday party logistics via local tool pipelines.

Obsidian MCP

Enables AI agents to manage Obsidian vaults through full CRUD operations, wikilink management, and section-level manipulation. It supports frontmatter editing, tag-based searching, and automated link updates to maintain vault integrity.