72
/ 100
23 days ago
glama

kit-mcp

An agent-optimized MCP server for Kit.com (formerly ConvertKit) that enables full management of email marketing campaigns, subscribers, and broadcasts. It provides 13 composite tools covering the entire Kit V4 API with built-in rate limiting and formatted responses for efficient AI interaction.

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
🚨
Known vulnerabilities in dependencies: 2 critical, 2 high
Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.
🔐
You'll be asked for 2 credentials: KIT_API_KEY, KIT_OAUTH_TOKEN
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// known CVEs in dependencies2 critical2 high1 low

Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.

criticalvitest@2.1.0GHSA-5xrq-8626-4rwp

When Vitest UI server is listening, arbitrary file can be read and executed

criticalvitest@2.1.0GHSA-9crc-q9x8-hgqq

Vitest allows Remote Code Execution when accessing a malicious website while Vitest API server is listening

high@modelcontextprotocol/sdk@1.25.0GHSA-345p-7cg4-v4c7

@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse

high@modelcontextprotocol/sdk@1.25.0GHSA-8r9q-7v3j-jr4g

Anthropic's MCP TypeScript SDK has a ReDoS vulnerability

lowtsup@8.3.0GHSA-3mv9-4h5g-vhg3

tsup DOM Clobbering vulnerability

Depend on this server? Get alerted when its CVEs change.Watch this server free →
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
🔐 secretKIT_API_KEY"": "your-kit-api-key"
🔐 secretKIT_OAUTH_TOKENOAuth Token (optional, for purchases and bulk operations): Set alongside your API key.
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 5 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/dancumberland-kit-mcp-hoedhl)](https://m8ven.ai/mcp/dancumberland-kit-mcp-hoedhl)
commit: e2bfa8ea93bbe328b0b410f5d6db678711d038ad
code hash: be8ec816a1bfde8074088465ad87189d5a1c367af25c32e3952d10250318e258
verified: 6/11/2026, 11:26:47 AM
view raw JSON →