Back to MCP Trust Indexm8ven
68
grade C
4 days ago
npm

dpesch/mantisbt-mcp-server

MCP server for MantisBT REST API – read and manage bug tracker issues

dpesch/mantisbt-mcp-server· npm: @dpesch/mantisbt-mcp-server· listed on npm

Install from

npmnpmGlama

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
🚨
Known vulnerabilities in dependencies: 1 critical, 2 high
Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.
🔐
You'll be asked for 2 credentials: MANTIS_API_KEY, MCP_HTTP_TOKEN
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
🔐 secretMANTIS_API_KEY"": "your-api-token"
configMANTIS_BASE_URL"": "https://your-mantis.example.com/api/rest",
configMANTIS_CACHE_DIR~/.cache/mantisbt-mcp Directory for the metadata cache
configMANTIS_CACHE_TTL3600 Cache lifetime in seconds
configMANTIS_SEARCH_BACKENDvectra Vector store backend: vectra (pure JS) or sqlite-vec (requires manual install)
configMANTIS_SEARCH_DIR{MANTIS_CACHE_DIR}/search Directory for the search index
configMANTIS_SEARCH_ENABLEDfalse Set to true to enable semantic search
configMANTIS_SEARCH_MODELXenova/paraphrase-multilingual-MiniLM-L12-v2 Embedding model name (downloaded once on first use, ~80 MB)
configMANTIS_SEARCH_THREADS
configMANTIS_UPLOAD_DIR
configMCP_HTTP_HOST127.0.0.1 Bind address for HTTP mode. Changed from 0.0.0.0 to 127.0.0.1 — the server now listens on localhost only by default. Set to 0.0.0.0 for Docker or remote access.
🔐 secretMCP_HTTP_TOKENWhen set, the /mcp endpoint requires Authorization: Bearer <token>. The /health endpoint is always public.
configMCP_TEST_ENVIRONMENT
configPORT3000 Port for HTTP mode
configTRANSPORTstdio Transport mode: stdio or http
config_PREPUSH_FILTER_ACTIVE
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 4 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/dpesch-mantisbt-mcp-server-1q66u3)](https://m8ven.ai/mcp/dpesch-mantisbt-mcp-server-1q66u3)
commit: 1ac84c1d17ba3152f9cd2c689fcc4dab7c1ad293
code hash: e9a9c88e63504075638e2116cf3eb20df4692596e3d2b83bbfd73192a755cd49
verified: 4/18/2026, 4:09:04 PM
view raw JSON →