A remote MCP server that exposes the ServiceTitan API as tools, enabling Claude and other clients to manage customers, jobs, pricebook, invoicing, and more with write safety and built-in observability.
Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.
Install from
M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.
Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.
hono: CORS Middleware reflects any Origin with credentials when `origin` defaults to the wildcard
hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice
hono: Body Limit Middleware can be bypassed on AWS Lambda by understating `Content-Length`
hono: Lambda@Edge adapter keeps only the last value of a repeated request header, dropping the rest
hono: Path traversal in `serve-static` on Windows via encoded backslash (`%5C`)
[](https://m8ven.ai/mcp/lpeluso-dotcom-servicetitan-mcp-14tnge)