grade C

10 days ago

glama

Access

Self-hosted credential store and API proxy for AI agents. One Bearer token, all your services. Handles OAuth refresh, encrypted storage, audit logging, and per-agent permissioning.

→ Scottpedia0/access · listed on glama

Install from

Glama

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings

🚨

Secret credentials may flow to a network call

3 flows detected: APOLLO_API_KEY, OURA_PERSONAL_ACCESS_TOKEN. We can’t prove the destination matches the brand the credential belongs to.

⚠️

Known vulnerabilities in dependencies: 1 high

Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.

🔐

You'll be asked for 24 credentials: APOLLO_API_KEY, AWS_SECRET_ACCESS_KEY, CAL_API_KEY, CLOUDFLARE_API_TOKEN, CONSUMER_TOKEN_HASH_SECRET, GITHUB_TOKEN, GITLAB_TOKEN, GLOBAL_AGENT_TOKEN, GOOGLE_BROKER_CLIENT_SECRET, GOOGLE_CLIENT_SECRET, HUBSPOT_PRIVATE_APP_TOKEN, JIRA_API_TOKEN, LINEAR_API_KEY, NEXTAUTH_SECRET, NOTION_API_KEY, OURA_PERSONAL_ACCESS_TOKEN, OWNER_LOGIN_PASSWORD, PORKBUN_API_KEY, PORKBUN_SECRET_KEY, SECRET_ENCRYPTION_KEY, SENTRY_AUTH_TOKEN, SHARED_INTAKE_TOKEN, SLACK_BOT_TOKEN, STRIPE_SECRET_KEY

These are read from process.env at runtime. Make sure you trust where they’ll be sent.

// required environment variables

This server reads these from process.env. You'll be asked to provide them before it can run.

configACCESS_BASE_URL— Copy the "For agents USING Access" section into your agent's instruction file and set and ACCESS_TOKEN in your environment.

configAGENT_ENV_PATH

🔐 secretAPOLLO_API_KEY

configAPP_NAME

configAWS_ACCESS_KEY_ID

configAWS_REGION

🔐 secretAWS_SECRET_ACCESS_KEY

🔐 secretCAL_API_KEY

🔐 secretCLOUDFLARE_API_TOKEN

🔐 secretCONSUMER_TOKEN_HASH_SECRET— openssl rand -base64 32 # ->

configDATABASE_URL— Set and DIRECT_DATABASE_URL in .env

configEMAIL_FROM

configEMAIL_SERVER

configGITHUB_REPO_URL

🔐 secretGITHUB_TOKEN

configGITLAB_BASE_URL

🔐 secretGITLAB_TOKEN

🔐 secretGLOBAL_AGENT_TOKEN— "": "your-token-here"

configGOOGLE_ACCOUNTS

configGOOGLE_BROKER_CLIENT_ID

🔐 secretGOOGLE_BROKER_CLIENT_SECRET

configGOOGLE_CLIENT_ID

🔐 secretGOOGLE_CLIENT_SECRET

🔐 secretHUBSPOT_PRIVATE_APP_TOKEN

🔐 secretJIRA_API_TOKEN

configJIRA_BASE_URL

configJIRA_EMAIL

🔐 secretLINEAR_API_KEY

🔐 secretNEXTAUTH_SECRET— openssl rand -base64 32 # ->

configNEXTAUTH_URL— 4. Set to your production URL

configNEXT_PUBLIC_GA_MEASUREMENT_ID

🔐 secretNOTION_API_KEY

🔐 secretOURA_PERSONAL_ACCESS_TOKEN

configOWNER_EMAILS— (comma-separated list of emails allowed to log in)

🔐 secretOWNER_LOGIN_PASSWORD

🔐 secretPORKBUN_API_KEY

🔐 secretPORKBUN_SECRET_KEY

configRATE_LIMIT_ENABLED

🔐 secretSECRET_ENCRYPTION_KEY— openssl rand -base64 32 # ->

configSECRET_ENCRYPTION_KEY_PREVIOUS— "<old key>"

🔐 secretSENTRY_AUTH_TOKEN

configSENTRY_ORG

🔐 secretSHARED_INTAKE_TOKEN

🔐 secretSLACK_BOT_TOKEN

🔐 secretSTRIPE_SECRET_KEY

// full audit trail

The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.

// improvement guidance — verified publishers only

We have 7 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.

// embed badge in your README

[![M8ven Score](https://m8ven.ai/badge/mcp/scottpedia0-access-e18n9l)](https://m8ven.ai/mcp/scottpedia0-access-e18n9l)

commit: 98633f430f5066156471dee5b259dece3e11534b

code hash: 86a1cf8b6b214e160fba4af307540729cc985125820714c8623096a2c97e4451

verified: 4/11/2026, 2:18:46 PM

view raw JSON →