Back to MCP Trust Indexm8ven
0
grade F
10 days ago
glama

Forge

Terminal MCP server for AI coding agents with persistent PTY sessions, ring-buffer incremental reads, headless xterm screen capture, multi-agent orchestration, and a real-time web dashboard.

ferodrigop/forge· listed on glama

Install from

Glama

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
🚨
Code appears obfuscated
3 files are unreadable to a human reviewer. Cannot audit what they do.
⚠️
Known vulnerabilities in dependencies: 3 high
Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.
🔐
You'll be asked for 1 credential: FORGE_AUTH_TOKEN
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
configCODEX_HOME
🔐 secretFORGE_AUTH_TOKENauth-token unset Require Bearer token for /mcp, /api, and /ws
configFORGE_CLAUDE_DEFAULT_MODEL
configFORGE_CLAUDE_PATHclaude-path claude Path to Claude CLI binary
configFORGE_CODEX_DEFAULT_MODEL
configFORGE_CODEX_PATH
configFORGE_COPILOT_PATH
configFORGE_CURSOR_PATH
configFORGE_DASHBOARDdashboard off Enable web dashboard
configFORGE_DEEP_AGENTS_PATH
configFORGE_GEMINI_DEFAULT_MODEL
configFORGE_GEMINI_PATH
configFORGE_MAX_SESSIONSmax-sessions 10 Max concurrent PTY sessions
configFORGE_WHISPER_MODEL_PATH
configFORGE_WHISPER_PATH
configFORGE_WINDSURF_PATH
configGEMINI_HOME
configSHELLcommand string User's $ Command to run
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 7 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/ferodrigop-forge-bjia3k)](https://m8ven.ai/mcp/ferodrigop-forge-bjia3k)
commit: 080e9cdf16e7f45b7a1ddab57cb5e005f23d9f44
code hash: 11d006946456b03e42b9be3690a29afcc274319577b15313b6fafc15d207a591
verified: 4/11/2026, 2:42:54 PM
view raw JSON →