74
/ 100
26 days ago
glama

MCP Gateway

A universal gateway that aggregates multiple MCP servers into a single interface while providing advanced token optimization, result filtering, and automated summarization. It enables efficient management of large tool catalogs and reduces context usage by up to 95% for major AI clients.

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
⚠️
Known vulnerabilities in dependencies: 2 high
Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
🔐
You'll be asked for 1 credential: QDRANT_API_KEY
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// known CVEs in dependencies2 high1 low

Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.

high@modelcontextprotocol/sdk@1.0.0GHSA-8r9q-7v3j-jr4g

Anthropic's MCP TypeScript SDK has a ReDoS vulnerability

high@modelcontextprotocol/sdk@1.0.0GHSA-w48q-cv73-mx4w

Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default

lowuuid@10.0.0GHSA-w5hq-g745-h8pq

uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided

Depend on this server? Get alerted when its CVEs change.Watch this server free →
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
configALLOW_INSECURE0 If 1, allow unauthenticated access to dashboard, code APIs, and JSON metrics when AUTH_MODE=none
configAPI_KEYSAUTH_MODE=api-key with =key1,key2
configAUTH_MODEapi-key with API_KEYS=key1,key2
configCODE_EXECUTION_ALLOWED_TOOLS
configCODE_EXECUTION_ALLOWED_TOOL_PREFIXES
configCODE_EXECUTION_REQUIRE_ALLOWLIST
configCORS_ORIGINS
configFABRIC_LOGIN_CMD
configGATEWAY_LITE_MODE1 Lite mode - reduces exposed gateway tools for lower token usage (recommended)
configGATEWAY_NAMEmcp-gateway Gateway name in MCP responses
configHEALTH_REQUIRE_BACKENDS0 If 1, /health returns 503 when all configured backends are down
configHOST0.0.0.0 Server host
configLOG_LEVELinfo Log level (debug, info, warn, error)
configMCP_GATEWAY_URL"": "http://localhost:3010/mcp"
configOAUTH_AUDIENCEmcp-gateway
configOAUTH_ISSUEROAuth token issuer
configOAUTH_JWKS_URIOAuth JWKS endpoint
configPII_TOKENIZATION_ENABLED
configPII_TOKENIZATION_TYPES
configPORT3010 Server port
🔐 secretQDRANT_API_KEYCipher - Qdrant API key
configQDRANT_COLLECTIONCipher cipher_knowledge Qdrant collection name
configQDRANT_TIMEOUT_MSCipher 8000 Qdrant request timeout
configQDRANT_URLCipher - Qdrant vector store URL
configRATE_LIMIT_MAX_REQUESTS100 Max requests per window
configRATE_LIMIT_WINDOW_MS60000 Rate limit window (ms)
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 2 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/abdullah1854-mcpgateway-wobzuy)](https://m8ven.ai/mcp/abdullah1854-mcpgateway-wobzuy)
commit: c8944e14c83524bca0864665bfbffc2230e8f469
code hash: 0980eab6b6930d6b768b6f33ffde72b6dea7e0bfc0393003eb357037d4a211c5
verified: 6/17/2026, 12:12:13 PM
view raw JSON →