74
/ 100
23 days ago
glama

ottoauthMCP

Standalone MCP server that proxies tool calls to Ottoauth HTTP endpoints, enabling account creation and dynamic service interaction.

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
🚨
Known vulnerabilities in dependencies: 1 critical
Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.
🔐
You'll be asked for 2 credentials: AGENT_GATEWAY_AUTH_TOKEN, OTTOAUTH_WEBHOOK_SECRET
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// known CVEs in dependencies1 critical

Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.

criticalvitest@3.2.4GHSA-5xrq-8626-4rwp

When Vitest UI server is listening, arbitrary file can be read and executed

Depend on this server? Get alerted when its CVEs change.Watch this server free →
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
🔐 secretAGENT_GATEWAY_AUTH_TOKEN(optional bearer token to gateway)
configAGENT_GATEWAY_URL(relay destination)
configMCP_AUTO_OFF_IDLE_S
configMCP_DEFAULT_ENABLED
configMCP_HTTP_HOST
configMCP_HTTP_PORT
configMCP_LOOP_INTERVAL_S
configOTTOAUTH_BASE_URL"": "https://your-ottoauth-domain.com"
configOTTOAUTH_MCP_ARGS
configOTTOAUTH_MCP_COMMAND
configOTTOAUTH_MCP_CWD
configOTTOAUTH_WEBHOOK_ALLOW_UNSIGNED1 (dev only)
configOTTOAUTH_WEBHOOK_HOSTOTTOAUTH_WEBHOOK_PORT / / OTTOAUTH_WEBHOOK_PATH
configOTTOAUTH_WEBHOOK_MAX_SKEW_MS
configOTTOAUTH_WEBHOOK_PATHOTTOAUTH_WEBHOOK_PORT / OTTOAUTH_WEBHOOK_HOST /
configOTTOAUTH_WEBHOOK_PORT/ OTTOAUTH_WEBHOOK_HOST / OTTOAUTH_WEBHOOK_PATH
🔐 secretOTTOAUTH_WEBHOOK_SECRET(recommended; validates x-ottoauth-signature)
configPORT
configWEBHOOK_EVENT_STORE_PATH(defaults to .ottoauth-webhook-events.json in cwd)
configWEBHOOK_RETRY_BASE_MS(default 2000)
configWEBHOOK_RETRY_MAX(default 8)
configWEBHOOK_WORKER_INTERVAL_MS
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 7 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/clamepending-ottoauthmcp-jec7xw)](https://m8ven.ai/mcp/clamepending-ottoauthmcp-jec7xw)
commit: 1c21d98035ffcf9fbead37157baabdc6af3b5e9f
code hash: 63845c526637b1b512767347bff970bbe53e3a3c9b097f9db791fb5077f7e08e
verified: 6/24/2026, 10:12:13 AM
view raw JSON →