A minimal MCP server for AI-driven canvas manipulation and visualization using tldraw. It enables AI clients to programmatically create, update, and manage shapes, flowcharts, and frames on a live interactive canvas.
Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.
@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse
Anthropic's MCP TypeScript SDK has a ReDoS vulnerability
ws: Uninitialized memory disclosure
tsup DOM Clobbering vulnerability
process.env. You'll be asked to provide them before it can run.
TLDRAW_WS_URL — ws://localhost:4000 Widget WebSocket URL
WS_PORT — 4000 Widget WS server port