An MCP server providing AI assistants access to Canadian case law and legislation metadata from CanLII across all jurisdictions, supporting search and citation relationships.
Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.
Install from
M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.
Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.
@hono/node-server has authorization bypass for protected static paths via encoded slashes in Serve Static Middleware
Hono vulnerable to arbitrary file access via serveStatic vulnerability
Hono: Path traversal in toSSG() allows writing files outside the output directory
@hono/node-server: Middleware bypass via repeated slashes in serveStatic
Hono missing validation of cookie name on write path in setCookie()
process.env. You'll be asked to provide them before it can run.CANLII_API— Server fallback (env ) Self-hosted single-tenant. Required for stdio.MCP_AUTH_TOKEN— Authorization: Bearer <> — gates access to the MCP server itselfPORT— 3000 CANLII_API=your_api_key node dist/index.js --transport http[](https://m8ven.ai/mcp/vaquill-ai-canlii-mcp-ubr8s5)