Itcons.app MCP Server

Connects AI assistants to the Itcons.app business operations platform for managing work reports, work orders, projects, clients, and users. It supports both local stdio and remote HTTP modes, enabling querying, searching, and creating operational data with secure authentication.

→ itcons-app/mcp · listed on glama

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

Glama

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

⚠️

Known vulnerabilities in dependencies: 3 high

Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.

✅

No credential exfiltration, no sensitive file access, no obfuscation

Static analysis found nothing flowing your secrets to unexpected places.

✅

Open source with a license and README

Anyone can audit the code, the license is declared, and the publisher documents what it does.

🔐

You'll be asked for 3 credentials: ITCONS_OAUTH_CLIENT_SECRET, ITCONS_PASSWORD, ITCONS_TOKEN

These are read from process.env at runtime. Make sure you trust where they’ll be sent.

// required environment variables

This server reads these from process.env. You'll be asked to provide them before it can run.

configHOST— 127.0.0.1 \

configITCONS_API_BASE_URL— is optional. If omitted, the server uses:

configITCONS_DOMAIN— Resolve the API base URL from .

configITCONS_DOMAIN_LOOKUP_URL— No Endpoint used to detect the Itcons.app domain from an email. Defaults to https://auto.itcons.app/webhook/my-domain.

configITCONS_HTTP_AUTH_DISABLED— No Set to 1 only for local HTTP smoke tests. Disables remote MCP bearer auth.

configITCONS_HTTP_SMOKE_PORT

configITCONS_MCP_ALLOWED_HOSTS— Recommended for remote mode Comma-separated allowed Host headers, for example mcp.example.com.

configITCONS_MCP_PATH— No Remote MCP endpoint path. Defaults to /mcp.

configITCONS_MCP_PUBLIC_URL— Yes for remote mode Public HTTPS origin, for example https://mcp.example.com.

configITCONS_MCP_SSE_PATH— No SSE-compatible endpoint path. Defaults to /sse.

configITCONS_OAUTH_CLIENTS_FILE— Recommended for public apps JSON file used to persist dynamically registered OAuth clients.

configITCONS_OAUTH_CLIENT_ID— itcons-app-chatgpt \

🔐 secretITCONS_OAUTH_CLIENT_SECRET— change-me \

🔐 secretITCONS_PASSWORD— "": "change-me",

configITCONS_REPORTS_MCP_PATH

configITCONS_SMOKE_LIVE

configITCONS_TIMEZONE— Europe/Madrid

🔐 secretITCONS_TOKEN— ITCONS_USERNAME Yes, unless is set Itcons.app username or email.

configITCONS_USERNAME— user@example.com

configPORT— No HTTP server port. Defaults to 3000.

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 2 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/itcons-app-mcp-pd6asc)](https://m8ven.ai/mcp/itcons-app-mcp-pd6asc)

commit: bd0a7800cad93a8cf55e19407b7569fffa81d91c

code hash: 619abcef5084ed75cff1474c27223d995d3fc670fa059625fb577f0efea5856d

verified: 6/10/2026, 11:18:46 AM

view raw JSON →