Back to MCP Trust Indexm8ven
34
/ 100
6 days ago
glama

Crow

AI-powered project management with persistent memory, encrypted P2P sharing, and 20+ integrations, enabling your AI assistant to manage projects, share memories, and collaborate securely across platforms.

kh0pper/crow· listed on glama
Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

Glama

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
⚠️
Tool descriptions don’t match what handlers do
5 tools describe read intent but their handlers mutate — crow_browser_status (line 144: execFileSync("docker", ["inspect", "-f", "{{.State.Running}}", "crow-browser"], { encoding: "utf-8",…); crow_calibreweb_search (line 85: entryRegex.exec(xml)); crow_calibreweb_list_books (line 85: entryRegex.exec(xml))
⚠️
Known vulnerabilities in dependencies: 3 high
Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
🔐
You'll be asked for 19 credentials: ACTUAL_PASSWORD, ADGUARD_PASSWORD, AI_API_KEY, AUDIOBOOKSHELF_API_KEY, BOOKSTACK_TOKEN_SECRET, CALIBRE_PASSWORD, CALIBRE_WEB_API_KEY, CHANGEDETECTION_API_KEY, CROWDSEC_API_KEY, CROW_CAMPAIGNS_ENCRYPTION_KEY, FORGEJO_TOKEN, FRIGATE_PASSWORD, FUNKWHALE_ACCESS_TOKEN, GITEA_TOKEN, GTS_ACCESS_TOKEN, IMMICH_API_KEY, JELLYFIN_API_KEY, KAVITA_PASSWORD, KODI_PASSWORD
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
🔐 secretACTUAL_PASSWORD
configACTUAL_SYNC_ID
configACTUAL_URL
🔐 secretADGUARD_PASSWORD
configADGUARD_URL
configADGUARD_USERNAME
🔐 secretAI_API_KEY
configAI_BASE_URL
configAI_MODEL
configAI_PROVIDER
🔐 secretAUDIOBOOKSHELF_API_KEY
configAUDIOBOOKSHELF_URL
configBLOG_FIGURE_GATEWAY_URL
configBOOKSTACK_TOKEN_ID
🔐 secretBOOKSTACK_TOKEN_SECRET
configBOOKSTACK_URL
configCADDY_ADMIN_URL
configCADDY_CONFIG_DIR
🔐 secretCALIBRE_PASSWORD
configCALIBRE_URL
configCALIBRE_USERNAME
🔐 secretCALIBRE_WEB_API_KEY
configCALIBRE_WEB_URL
🔐 secretCHANGEDETECTION_API_KEY
configCHANGEDETECTION_URL
🔐 secretCROWDSEC_API_KEY
configCROWDSEC_LAPI_URL
configCROW_BROWSER_CDP_URL
configCROW_BROWSER_VNC_PORT
🔐 secretCROW_CAMPAIGNS_ENCRYPTION_KEY
configCROW_DATA_DIR
configCROW_DB_PATH
configCROW_GATEWAY_PORT
configCROW_GATEWAY_URL
configCROW_SKIP_CONFIRM_GATES
configDOZZLE_URL
🔐 secretFORGEJO_TOKEN
configFORGEJO_URL
🔐 secretFRIGATE_PASSWORD
configFRIGATE_URL
configFRIGATE_USER
🔐 secretFUNKWHALE_ACCESS_TOKEN
configFUNKWHALE_HOSTNAME
configFUNKWHALE_URL
🔐 secretGITEA_TOKEN
configGITEA_URL
🔐 secretGTS_ACCESS_TOKEN
configGTS_MEDIA_RETENTION_DAYS
configGTS_URL
🔐 secretIMMICH_API_KEY
configIMMICH_URL
🔐 secretJELLYFIN_API_KEY
configJELLYFIN_URL
configJELLYFIN_USER_ID
🔐 secretKAVITA_PASSWORD
configKAVITA_URL
configKAVITA_USERNAME
🔐 secretKODI_PASSWORD
configKODI_URL
configKODI_USER
configKOLIBRI_HTTP_PORT
configKOLIBRI_URL
configLEMMY_HOSTNAME
configLEMMY_JWT
configLEMMY_URL
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 9 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/kh0pper-crow-dnopgk)](https://m8ven.ai/mcp/kh0pper-crow-dnopgk)
commit: 5aa0fa0343a4a10b382026ea0d46636709d61860
code hash: 42c4c6b58aeab03af90af64fb71f9c42aa34ce282879e0789af85f6c5e5bdd71
verified: 5/29/2026, 10:07:55 AM
view raw JSON →