41
/ 100
1 month ago
glama

personal-kg-mcp

Auto-captures decision context from multi-agent workflows to preserve the 'why' behind every choice. Enables task traceability, reasoning retrieval, and continuous improvement across planning and implementation sessions.

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
⚠️
Tool descriptions don’t match what handlers do
1 tool describes read intent but its handler mutates — kg_diagnostic (line 1025: fs.mkdirSync(dir, { recursive: true }))
🚨
Known vulnerabilities in dependencies: 2 critical, 3 high
Affects packages this MCP installs at runtime. Upgrade or remove the affected dependency.
🔐
You'll be asked for 2 credentials: OPENAI_API_KEY, PKG_GITHUB_TOKEN
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// known CVEs in dependencies2 critical3 high

Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.

criticalvitest@2.1.8GHSA-5xrq-8626-4rwp

When Vitest UI server is listening, arbitrary file can be read and executed

criticalvitest@2.1.8GHSA-9crc-q9x8-hgqq

Vitest allows Remote Code Execution when accessing a malicious website while Vitest API server is listening

high@modelcontextprotocol/sdk@1.16.0GHSA-345p-7cg4-v4c7

@modelcontextprotocol/sdk has cross-client data leak via shared server/transport instance reuse

high@modelcontextprotocol/sdk@1.16.0GHSA-8r9q-7v3j-jr4g

Anthropic's MCP TypeScript SDK has a ReDoS vulnerability

high@modelcontextprotocol/sdk@1.16.0GHSA-w48q-cv73-mx4w

Model Context Protocol (MCP) TypeScript SDK does not enable DNS rebinding protection by default

Depend on this server? Get alerted when its CVEs change.Watch this server free →
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
🔐 secretOPENAI_API_KEYOpenAI API key for semantic embeddings
configPKG_EMBEDDING_DIM
configPKG_EMBEDDING_MODELtext-embedding-3-small OpenAI embedding model
configPKG_EMBEDDING_STARTUP
configPKG_GITHUB_INTEGRATION_ENABLED"": "true",
🔐 secretPKG_GITHUB_TOKENAdd to .env file: =github_pat_your_token_here
configPKG_MCP_CAPTURE_AUTO"": "true"
configPKG_MCP_CAPTURE_ENABLED"": "true",
configPKG_MCP_CAPTURE_EXCLUDE"" Tools to exclude (comma-separated)
configPKG_MCP_CAPTURE_TOOLS"": "github",
configPKG_METRICS_ENABLED
configPKG_METRICS_RETENTION_DAYS
configPKG_STORAGE_DIR"": ".kg",
configPKG_USE_ANN"": "true",
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 9 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/tomschell-personal-kg-mcp-ps7rmk)](https://m8ven.ai/mcp/tomschell-personal-kg-mcp-ps7rmk)
commit: d3d54107c7a351e57a6eb2af78eda4a0327d6ab1
code hash: f069264a1426a780b84b2acfef0a268352c92866e49b83e4256aaf746fb3f6d8
verified: 6/13/2026, 9:53:49 AM
view raw JSON →