Enables managing a minimal task backlog with operations to create, list, update, and retrieve tasks with different statuses (open, in progress, blocked, done, cancelled). Tasks are stored in a local JSON file with atomic writes.
Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.
Install from
M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.
Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.
When Vitest UI server is listening, arbitrary file can be read and executed
vite: `server.fs.deny` bypass on Windows alternate paths
Vite Vulnerable to Arbitrary File Read via Vite Dev Server WebSocket
Vite: `server.fs.deny` bypassed with queries
Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling
process.env. You'll be asked to provide them before it can run.ALLOWED_GITHUB_USERNAMES— npx wrangler secret put # comma-separated: "you,youralt"API_KEY— npx wrangler secret put # your personal API key (for Claude Desktop)BACKLOG_ACTOR_NAMEBACKLOG_ACTOR_TYPEBACKLOG_DATA_DIR— ~/.backlog # Where to store tasks (default: data/tasks/)BACKLOG_DELEGATED_BYBACKLOG_TASK_CONTEXTBACKLOG_VIEWER_PORT— 3030 # HTTP server portCLIENT_SECRETGITHUB_CLIENT_ID— npx wrangler secret put # GitHub OAuth App client IDGITHUB_CLIENT_SECRET— npx wrangler secret putJWT_SECRET— npx wrangler secret put # any strong random stringLOG_LEVEL[](https://m8ven.ai/mcp/gkoreli-backlog-mcp-1t334k)