grade F

7 days ago

glama

MCP Gateway

A universal gateway that aggregates multiple MCP servers into a single interface while providing advanced token optimization, result filtering, and automated summarization. It enables efficient management of large tool catalogs and reduces context usage by up to 95% for major AI clients.

→ abdullah1854/MCPGateway · listed on glama

Install from

Glama

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

⚠️

Known vulnerabilities in dependencies: 2 high

Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.

✅

No credential exfiltration, no sensitive file access, no obfuscation

Static analysis found nothing flowing your secrets to unexpected places.

✅

Open source with a license and README

Anyone can audit the code, the license is declared, and the publisher documents what it does.

🔐

You'll be asked for 1 credential: QDRANT_API_KEY

These are read from process.env at runtime. Make sure you trust where they’ll be sent.

// required environment variables

This server reads these from process.env. You'll be asked to provide them before it can run.

configALLOW_INSECURE— 0 If 1, allow unauthenticated access to dashboard, code APIs, and JSON metrics when AUTH_MODE=none

configAPI_KEYS— AUTH_MODE=api-key with =key1,key2

configAUTH_MODE— api-key with API_KEYS=key1,key2

configCODE_EXECUTION_ALLOWED_TOOLS

configCODE_EXECUTION_ALLOWED_TOOL_PREFIXES

configCODE_EXECUTION_REQUIRE_ALLOWLIST

configCORS_ORIGINS

configFABRIC_LOGIN_CMD

configGATEWAY_LITE_MODE— 1 Lite mode - reduces exposed gateway tools for lower token usage (recommended)

configGATEWAY_NAME— mcp-gateway Gateway name in MCP responses

configHEALTH_REQUIRE_BACKENDS— 0 If 1, /health returns 503 when all configured backends are down

configHOST— 0.0.0.0 Server host

configLOG_LEVEL— info Log level (debug, info, warn, error)

configMCP_GATEWAY_URL— "": "http://localhost:3010/mcp"

configOAUTH_AUDIENCE— mcp-gateway

configOAUTH_ISSUER— OAuth token issuer

configOAUTH_JWKS_URI— OAuth JWKS endpoint

configPII_TOKENIZATION_ENABLED

configPII_TOKENIZATION_TYPES

configPORT— 3010 Server port

🔐 secretQDRANT_API_KEY— Cipher - Qdrant API key

configQDRANT_COLLECTION— Cipher cipher_knowledge Qdrant collection name

configQDRANT_TIMEOUT_MS— Cipher 8000 Qdrant request timeout

configQDRANT_URL— Cipher - Qdrant vector store URL

configRATE_LIMIT_MAX_REQUESTS— 100 Max requests per window

configRATE_LIMIT_WINDOW_MS— 60000 Rate limit window (ms)

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 2 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/abdullah1854-mcpgateway-wobzuy)](https://m8ven.ai/mcp/abdullah1854-mcpgateway-wobzuy)

commit: c8944e14c83524bca0864665bfbffc2230e8f469

code hash: 0980eab6b6930d6b768b6f33ffde72b6dea7e0bfc0393003eb357037d4a211c5

verified: 4/18/2026, 6:23:22 PM

view raw JSON →