General-purpose MCP server with built-in tools for HTTP, JSON, and datetime operations, supporting pluggable modules and security defaults.
Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.
Install from
M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.
Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.
When Vitest UI server is listening, arbitrary file can be read and executed
@hono/node-server has authorization bypass for protected static paths via encoded slashes in Serve Static Middleware
@hono/node-server: Middleware bypass via repeated slashes in serveStatic
process.env. You'll be asked to provide them before it can run.FS_ROOT— Optional filesystem module — sandboxed read-only file access underHTTP_TOOL_ALLOWED_HOSTS— "": "api.github.com,httpbin.org"LOG_LEVEL— info Log level (stderr only)MCP_API_KEY— export =your-secretMCP_AUTH_MODE— export =api_keyMCP_CORS_ORIGINS— _(empty)_ Comma-separated CORS originsMCP_HTTP_ALLOWED_HOSTS— localhost,127.0.0.1,[::1] Host header allowlist (DNS rebinding protection)MCP_HTTP_HOST— export =0.0.0.0MCP_HTTP_PATH— /mcp Streamable HTTP endpointMCP_MODULES— "": "meta,http,json,datetime,docs",MCP_SERVER_NAMEMCP_SERVER_VERSIONMCP_TRANSPORT— export =http[](https://m8ven.ai/mcp/mohsin-shaikh-mcp-server-1axb2z)