KeyStack

Local dashboard and MCP server that maintains a live project registry and skill library, enabling coding agents to pull project context and automatically update status, stack, and next steps.

→ nzt108-dev/keystack · listed on glama

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

Glama

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

⚠️

Known vulnerabilities in dependencies: 4 high

Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.

⚠️

Tests do not pass

Either the test suite is broken or the code regressed. Either way the published behaviour can’t be verified by the publisher’s own tests.

✅

No credential exfiltration, no sensitive file access, no obfuscation

Static analysis found nothing flowing your secrets to unexpected places.

// required environment variables

This server reads these from process.env. You'll be asked to provide them before it can run.

configKEYSTACK_HOME— SQLite at ~/.keystack/keystack.db (override with ). Never committed.

configKEYSTACK_PORT

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 8 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/nzt108-dev-keystack-18b4bh)](https://m8ven.ai/mcp/nzt108-dev-keystack-18b4bh)

commit: 13aa9c38c7a1ea8b194548d94f7347217f0f6d0a

code hash: 9cd64acfecffdf9106f00e273005479d45d9815d422caf4c113990eefc23cbfc

verified: 6/14/2026, 9:56:31 AM

view raw JSON →