74
/ 100
29 days ago
glama

run402-mcp

Provides MCP tools for AI agents to provision and manage Postgres databases, file storage, static sites, serverless functions, and authentication through the Run402 platform.

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
🔐
You'll be asked for 7 credentials: ACTIONS_ID_TOKEN_REQUEST_TOKEN, BUYER_PRIVATE_KEY, FULLSTACK_TEST_SECRET, GH_TOKEN, GITHUB_TOKEN, RUN402_ANON_KEY, RUN402_SERVICE_KEY
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// known CVEs in dependencies1 low

Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.

lowyaml@2.8.2GHSA-48c2-rrv3-qjmp

yaml is vulnerable to Stack Overflow via deeply nested YAML collections

Depend on this server? Get alerted when its CVEs change.Watch this server free →
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
🔐 secretACTIONS_ID_TOKEN_REQUEST_TOKEN
configACTIONS_ID_TOKEN_REQUEST_URL
🔐 secretBUYER_PRIVATE_KEY
configFULLSTACK_EMAIL_TEMPLATE
configFULLSTACK_EMAIL_TO
🔐 secretFULLSTACK_TEST_SECRET
🔐 secretGH_TOKEN
configGITHUB_ACTIONS
🔐 secretGITHUB_TOKEN
configRUN402_ACTIVE_WALLET_JSON
configRUN402_ADMIN_COOKIE
configRUN402_ALLOWANCE_PATH{config_dir}/allowance.json Custom allowance file path
🔐 secretRUN402_ANON_KEY
configRUN402_API_BASE
configRUN402_ASTRO_VERBOSE
configRUN402_CONFIG_DIR~/.config/run402 Local credential storage base directory (named wallets live under profiles/<name>/)
configRUN402_CONTROL_PLANE_SESSION_PATH
configRUN402_DEPLOY_API_BASE
configRUN402_DEPLOY_SKIP_SCAN
configRUN402_FULLSTACK_API_BASE
configRUN402_FULLSTACK_EMAIL_TEMPLATE
configRUN402_FULLSTACK_EMAIL_TO
configRUN402_FULLSTACK_STICKY_DOMAIN
configRUN402_OPERATOR_SESSION_PATH
configRUN402_PROFILERUN402_WALLET default Active named wallet (profile). Overridden by --wallet <name> and per-directory .run402.json; is an alias. See run402 wallets.
configRUN402_PROJECT
configRUN402_PROJECT_ID@run402/functions is auto-bundled into deployed code; install it in your editor for full TypeScript autocomplete (also works at build time for static-site generation with RUN402_SERVICE_KEY + set).
🔐 secretRUN402_SERVICE_KEY@run402/functions is auto-bundled into deployed code; install it in your editor for full TypeScript autocomplete (also works at build time for static-site generation with + RUN402_PROJECT_ID set).
configRUN402_WALLETdefault Active named wallet (profile). Overridden by --wallet <name> and per-directory .run402.json; RUN402_PROFILE is an alias. See run402 wallets.
configRUN402_WALLET_LABEL_SYNC
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 3 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/kychee-com-run402-njmzra)](https://m8ven.ai/mcp/kychee-com-run402-njmzra)
commit: c752a623ae76a335aa04eacf29ae7c022142b5ba
code hash: 4018ea2c30bafd6c32ae099407919a9b1ac08e26c307669cb2587cb21bccbd84
verified: 6/11/2026, 11:24:15 AM
view raw JSON →