Is Arcade Mcp Server safe to use?

Arcade Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Arcade Mcp Server?

Install Arcade Mcp Server via pip: `pip install arcade-mcp-server`. Then configure it in your MCP client.

What AI clients work with Arcade Mcp Server?

Arcade Mcp Server is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.

Arcade Mcp Server

Model Context Protocol (MCP) server framework for Arcade.dev

UnknownNot tested

AI / ML

PyPI

25DNo CVEsunknown

Quick Install

{
  "mcpServers": {
    "arcade-mcp-server": {
      "command": "uvx",
      "args": [
        "arcade-mcp-server"
      ]
    }
  }
}

Setup guide

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/arcade-mcp-server)](https://mcppedia.org/s/arcade-mcp-server)

Should you use this server?

Model Context Protocol (MCP) server framework for Arcade.dev

✓

Is it safe?

No known CVEs for arcade-mcp-server. 1 previously resolved.

No authentication — any process on your machine can connect.

License not specified.

Is it maintained?

Commit history unknown.

Will it work with my client?

Transport: stdio. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'arcade-mcp-server' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Score Breakdown

MCPpedia Score

Click each category to see evidence

25D

Last scored just now

How we score →

Security

20/30

No open vulnerabilities. 1 fixed CVE.

✓

Known CVEs — No known CVEs for arcade-mcp-servercheck OSV.dev

○

Tool safety — No tools to analyze

○

Tool poisoning — No tools to analyze

○

Injection vectors — No tools to analyze

✓

Tool stability

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

— Tool definitions stable

○

Dependency health — found on deps.dev, recently updated

✗

License — No license specified

○

Authentication — No authentication required

○

Repository — active repo

Advisories (0 open, 1 fixed)

lowCVSS 3.1CVE-2025-66454Fixed

arcade-mcp-server Has Default Hardcoded Worker Secret That Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints

### Summary The arcade-mcp HTTP server uses a hardcoded default worker secret ("dev") that is never validated or overridden during normal server startup. As a result, any unauthenticated attacker who knows this default key can forge valid JWTs and fully bypass the FastAPI authentication layer. This grants remote access to all worker endpoints—including tool enumeration and tool invocation—without credentials. Anyone following the official quick-start guide is vulnerable unless they manually ov

Affected: >= 0Fixed in 1.9.1Published Dec 2, 2025source \u2192

CVEs checked daily via OSV.dev. Score algorithm is open source.

Reviews

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Arcade Mcp Server safe to use?: Arcade Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Arcade Mcp Server?: Install Arcade Mcp Server via pip: `pip install arcade-mcp-server`. Then configure it in your MCP client.
What AI clients work with Arcade Mcp Server?: Arcade Mcp Server is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.

MCP Security Weekly

Get CVE alerts and security updates for Arcade Mcp Server and similar servers.

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?