74
/ 100
15 days ago
glama

local-code-mcp

Profile-driven MCP server for safely inspecting and changing local Git repositories via a Streamable HTTP endpoint with deny-by-default security.

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
⚠️
Tests do not pass
Either the test suite is broken or the code regressed. Either way the published behaviour can’t be verified by the publisher’s own tests.
2 tools verified — handlers match their declared behaviour
1 read-only tool verified — handlers contain no write/delete/exec
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
configMCP_TRUST_STORE_PATHTrust store path: ~/.local/share/local-code-mcp/config.toml (or configured via ).
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 5 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/phamtuandat-local-code-mcp-r4tdoy)](https://m8ven.ai/mcp/phamtuandat-local-code-mcp-r4tdoy)
commit: d335c49bf5b011e65888bd7e277dfb1c6402cbd9
code hash: cbc0e67d56f6b4468f4feef35d7fd1007ad218acfb0513660a7faf95449e239c
verified: 6/25/2026, 9:54:24 AM
view raw JSON →