74
/ 100
16 days ago
glama

todo-hud-mcp

MCP server for managing a todo list with gamified pomodoro features, exposing set_tasks and list_tasks tools.

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
// known CVEs in dependencies4 low

Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.

low@nestjs/common@11.0.0GHSA-cj7v-w2c7-cp7c

nest allows a remote attacker to execute arbitrary code via the Content-Type header

low@nestjs/core@11.0.0GHSA-36xv-jgw5-4q75

@nestjs/core Improperly Neutralizes Special Elements in Output Used by a Downstream Component ('Injection')

lowjs-yaml@4.1.0GHSA-h67p-54hq-rp68

JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases

lowjs-yaml@4.1.0GHSA-mh29-5h37-fv8m

js-yaml has prototype pollution in merge (<<)

Depend on this server? Get alerted when its CVEs change.Watch this server free →
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
configDATA_PATH
configHOST
configPORT
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 1 concrete improvement we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/felipedanielh-todo-hud-mcp-1h5xz5)](https://m8ven.ai/mcp/felipedanielh-todo-hud-mcp-1h5xz5)
commit: 40df54dbb38036b02be1be9e1c0933c43791d3f3
code hash: 8ea75b09d8fa14158147d01501a3602a82ac4519963719b5bc703bb00d3143c1
verified: 6/29/2026, 11:21:52 AM
view raw JSON →