41
grade D
7 days ago
Install from
M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.
// key findings
🚨
Known vulnerabilities in dependencies: 1 critical, 2 high
Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.
🔐
You'll be asked for 5 credentials: COOKIE_SECRET, JWT_SECRET, MEDUSA_PASSWORD, NEXT_PUBLIC_MEDUSA_PUBLISHABLE_KEY, PUBLISHABLE_KEY
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// required environment variables
This server reads these from
process.env. You'll be asked to provide them before it can run.config
ADMIN_CORSconfig
AUTH_CORS🔐 secret
COOKIE_SECRETconfig
DATABASE_URL🔐 secret
JWT_SECRETconfig
MEDUSA_BACKEND_URL— Your Medusa backend URL🔐 secret
MEDUSA_PASSWORD— Medusa admin password (for admin)config
MEDUSA_USERNAME— Medusa admin username (for admin)🔐 secret
NEXT_PUBLIC_MEDUSA_PUBLISHABLE_KEY🔐 secret
PUBLISHABLE_KEY— Your Medusa publishable API keyconfig
STORE_CORSconfig
TEST_TYPE// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 2 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[](https://m8ven.ai/mcp/sgfgov-medusa-mcp-1hyid3)commit: d1ce4896b456e5ee85273db79ba4d250045c6965
code hash: 962485d9bee73d9d7445fd485a99cf9aefa351736f32dc2ef71167c996f4fc12
verified: 4/18/2026, 7:18:45 PM