tldraw-mcp

A minimal MCP server for AI-driven canvas manipulation and visualization using tldraw. It enables AI clients to programmatically create, update, and manage shapes, flowcharts, and frames on a live interactive canvas.

→ dpunj/tldraw-mcp · listed on glama

Install from

Glama

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

⚠️

Known vulnerabilities in dependencies: 2 high

Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.

✅

No credential exfiltration, no sensitive file access, no obfuscation

Static analysis found nothing flowing your secrets to unexpected places.

✅

Open source with a license and README

Anyone can audit the code, the license is declared, and the publisher documents what it does.

// required environment variables

This server reads these from process.env. You'll be asked to provide them before it can run.

configTLDRAW_WS_URL— ws://localhost:4000 Widget WebSocket URL

configWS_PORT— 4000 Widget WS server port

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 4 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/dpunj-tldraw-mcp-14jzd1)](https://m8ven.ai/mcp/dpunj-tldraw-mcp-14jzd1)

commit: 0948b9705fb7f9b91a7b59eee988c2a4a736ff12

code hash: e2d9d5a0d2c6c86fe516e0c14574d62daa088ffd5a094353f755b287d6289b22

verified: 4/11/2026, 3:11:50 PM

view raw JSON →