74
/ 100
17 days ago
glama

ChatGPT Workspace Exposure MCP

Automatically starts a repo-aware MCP server for the current workspace, finds a free port, and optionally exposes it via Cloudflare tunnel for integration with ChatGPT/OpenAI.

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
🔐
You'll be asked for 2 credentials: MCP_IDE_BRIDGE_TOKEN, COPILOT_CHAT_BRIDGE_TOKEN
These are read from process.env at runtime. Make sure you trust where they’ll be sent.
// known CVEs in dependencies1 low

Disclosed vulnerabilities in this server's declared npm dependencies (via OSV). Whether each is reachable depends on the installed versions.

lowesbuild@0.27.3GHSA-g7r4-m6w7-qqqr

esbuild allows arbitrary file read when running the development server on Windows

Depend on this server? Get alerted when its CVEs change.Watch this server free →
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
configMCP_MAX_LIST_ENTRIES
configMCP_MAX_READ_CHARS
configMCP_MAX_SEARCH_MATCHES
configMCP_COMMAND_TIMEOUT_SECONDS
configMCP_MAX_COMMAND_OUTPUT_CHARS
configMCP_IDE_BRIDGE_URL
configVSCODE_IDE_BRIDGE_URL
🔐 secretMCP_IDE_BRIDGE_TOKEN
🔐 secretCOPILOT_CHAT_BRIDGE_TOKEN
configMCP_IDE_BRIDGE_TIMEOUT_SECONDS
configMCP_ENABLE_COMMAND_EXEC
configMCP_WORKSPACE_FILE
configMCP_ALLOWED_ROOTS
configMCP_REPO_ROOT
configMCP_TRANSPORT
configMCP_HOST
configMCP_PORT
configMCP_PATH
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 7 concrete improvements we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/yoy123-chatgpt-workspace-exposure-mcp-1d58vm)](https://m8ven.ai/mcp/yoy123-chatgpt-workspace-exposure-mcp-1d58vm)
commit: a298d2f88ee91ddfcc7bef77af25cf9662fb1ac7
code hash: 5e368229ad3effd415c13a5f549ae3f5bc88f6089c2f82a7ffd50954db00a399
verified: 6/23/2026, 10:10:37 AM
view raw JSON →
ChatGPT Workspace Exposure MCP · M8ven Trust Score | M8ven