/ 100

4 days ago

glama

WET - Web Extended Toolkit MCP Server

Web search, content extraction, and library docs for AI agents with 5-strategy scraping and runs without API keys.

→ expandingideas-ai/mcp-wet · listed on glama

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

Glama

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

✅

5 tools verified — handlers match their declared behaviour

3 read-only tools verified — handlers contain no write/delete/exec

✅

No credential exfiltration, no sensitive file access, no obfuscation

Static analysis found nothing flowing your secrets to unexpected places.

✅

Open source with a license and README

Anyone can audit the code, the license is declared, and the publisher documents what it does.

🔐

You'll be asked for 15 credentials: CLOUDFLARE_API_TOKEN, MCP_RELAY_PASSWORD, MCP_D1_TOKEN, MCP_VECTORIZE_TOKEN, GEMINI_API_KEY, GOOGLE_API_KEY, OPENAI_API_KEY, COHERE_API_KEY, XAI_API_KEY, GITHUB_TOKEN, GH_TOKEN, MCP_DCR_SERVER_SECRET, TAVILY_API_KEY, BRAVE_API_KEY, EXA_API_KEY

These are read from process.env at runtime. Make sure you trust where they’ll be sent.

// required environment variables

This server reads these from process.env. You'll be asked to provide them before it can run.

configCLOUDFLARE_ACCOUNT_ID

🔐 secretCLOUDFLARE_API_TOKEN

configCF_ENDPOINT

configRELAY_PW

🔐 secretMCP_RELAY_PASSWORD— form is gated by ; multi-user deployments also require

configWET_DOCS_DB_PATH

configMCP_D1_BASE_URL

🔐 secretMCP_D1_TOKEN

configMCP_VECTORIZE_BASE_URL

configMCP_VECTORIZE_IDX

🔐 secretMCP_VECTORIZE_TOKEN

configBROWSER_BACKENDS

configMCP_TRANSPORT— v wet-data:/data -e =http \

configTRANSPORT_MODE

configDOCS_DB_BACKEND— cf-d1 (docs + BM25 full-text), and Vectorize (embeddings). Web search uses

configPUBLIC_URL— e =https://wet.example.com \

🔐 secretGEMINI_API_KEY— gemini/ aistudio.google.com/apikey

🔐 secretGOOGLE_API_KEY

🔐 secretOPENAI_API_KEY— openai/ (or bare) platform.openai.com

🔐 secretCOHERE_API_KEY— cohere/ dashboard.cohere.com

configEMBEDDING_API_BASE

🔐 secretXAI_API_KEY— xai/ console.x.ai

configLLM_API_BASE

configMCP_RELAY_URL

configRERANK_API_BASE

🔐 secretGITHUB_TOKEN

🔐 secretGH_TOKEN

🔐 secretMCP_DCR_SERVER_SECRET— CREDENTIAL_SECRET (per-user vault key) and .

configMCP_PORT

configMCP_AUTH_DISABLE

configcontainer— 4. Push the image to your Cloudflare managed registry (CF Containers cannot

🔐 secretTAVILY_API_KEY— / BRAVE_API_KEY / EXA_API_KEY.

🔐 secretBRAVE_API_KEY— TAVILY_API_KEY / / EXA_API_KEY.

🔐 secretEXA_API_KEY— TAVILY_API_KEY / BRAVE_API_KEY / .

configSEARCH_BACKEND— a SearXNG instance (=searxng, SEARXNG_URL) or Tavily (SEARCH_BACKEND=tavily);

configSEARCH_BACKENDS— Search backends -- (CSV, runtime fallback chain) over

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 3 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/expandingideas-ai-mcp-wet-f0v20a)](https://m8ven.ai/mcp/expandingideas-ai-mcp-wet-f0v20a)

commit: 73c02a07a4951d27c6d5b9e47c8b6a7d59015ccd

code hash: 6c8bb558809c1395e7bfab30f5d8e34c2a0c010cf932650171a1814929307830

verified: 6/24/2026, 10:23:55 AM

view raw JSON →