74
/ 100
28 days ago
glama

triliumnext-mcp

A Model Context Protocol (MCP) server for interacting with TriliumNext via its ETAPI. Enables LLMs to create, read, update, and organize notes, including embedding images and files directly into note content.

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
🚨
Known vulnerabilities in dependencies: 1 critical, 1 high
Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.
🔐
You'll be asked for 1 credential: TRILIUM_TOKEN
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// known CVEs in dependencies1 critical1 high2 low

Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.

criticalvitest@4.0.17GHSA-5xrq-8626-4rwp

When Vitest UI server is listening, arbitrary file can be read and executed

high@modelcontextprotocol/sdk@1.25.3GHSA-345p-7cg4-v4c7

@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse

lowfile-type@21.3.0GHSA-5v7r-6r5c-r473

file-type affected by infinite loop in ASF parser on malformed input with zero-size sub-header

lowfile-type@21.3.0GHSA-j47w-4g3g-c36v

file-type: ZIP Decompression Bomb DoS via [Content_Types].xml entry

Depend on this server? Get alerted when its CVEs change.Watch this server free →
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
configLOG_FORMATtext \ json text text is <ISO-ts> LEVEL event k=v k=v lines. json is one JSON object per line.
configLOG_LEVELsilent triliumnext-mcp --token "$TRILIUM_TOKEN"
configTRILIUM_ALLOW_PRIVATE_URLSexport =false
configTRILIUM_CORS_ORIGINS
configTRILIUM_GATEWAY_AUTHexport =bearer
configTRILIUM_GATEWAY_TOKENSexport =tok1,tok2
configTRILIUM_HTTP_PORTexport =3000
configTRILIUM_JWT_AUDIENCE
configTRILIUM_JWT_ISSUER
configTRILIUM_JWT_JWKS_URL
configTRILIUM_JWT_PRINCIPAL_CLAIM
configTRILIUM_JWT_SECRETS
configTRILIUM_MAX_POST_BYTESexport =500mb # SSE POST body cap; see "Request body size limits"
configTRILIUM_METRICSIn Kubernetes, the equivalent is two env vars (=true and TRILIUM_METRICS_AUTH) on the Deployment plus a ServiceMonitor with bearerTokenSecret pointing at the token Secret.
configTRILIUM_METRICS_AUTHSelected with --metrics-auth <mode> or . Default is gateway.
configTRILIUM_METRICS_INCLUDE_PRINCIPALEnv: =true. When on, a new series appears:
configTRILIUM_METRICS_TOKENS- =${PROMETHEUS_SCRAPE_TOKEN}
configTRILIUM_MULTI_TENANTexport =true
configTRILIUM_PUBLIC_URLexport =https://trilium.example.com # optional; web URL for note links (defaults to TRILIUM_URL without /etapi)
configTRILIUM_RATE_LIMIT_BURSTEnv: TRILIUM_RATE_LIMIT_RPS, . /health is never rate-limited (cheap liveness). /metrics is rate-limited like everything else.
configTRILIUM_RATE_LIMIT_RPSEnv: , TRILIUM_RATE_LIMIT_BURST. /health is never rate-limited (cheap liveness). /metrics is rate-limited like everything else.
🔐 secretTRILIUM_TOKENe =<your_etapi_token> \
configTRILIUM_TRANSPORTexport =stdio
configTRILIUM_URLe =<your_trilium_url_e.g._https://trilium.example.com/etapi>
configTRILIUM_URL_ALLOWLISTexport =notes.example.com,trilium.internal
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 4 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/perfectra1n-triliumnext-mcp-1ub6b2)](https://m8ven.ai/mcp/perfectra1n-triliumnext-mcp-1ub6b2)
commit: 979c67dbef84ed7953cfa75d96f514e0e56fe0b1
code hash: 5a5d7e3fbcb2c3a027479627ad1152a9c18d0c2e063b2d183060be742f3c521c
verified: 6/11/2026, 11:52:19 AM
view raw JSON →