Is Baba_is_eval safe to use?

Baba_is_eval has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Baba_is_eval?

Baba_is_eval supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What can Baba_is_eval do?

Baba_is_eval provides 1 tool: Credits. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Baba_is_eval?

Baba_is_eval is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse transport.

Is Baba_is_eval actively maintained?

Baba_is_eval is less actively maintained — last commit was 333 days ago. It has 57 GitHub stars.

Baba_is_eval

Name: Baba_is_eval
Author: lennart-finke

mcp · by lennart-finke

Claude et al. play the brilliant puzzle title "Baba is You"

57 1 tool GitHub PyPI

No known CVEs

No license

Stale

Last commit 333d ago

Works with most clients

Transport: stdio, sse

1 tool · ~38 tok

Grade A · 0.0% of 200K ctx

Edit this pageView history

AI / ML Entertainment

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "baba-is-eval": {
      "args": [
        "mcp"
      ],
      "command": "uvx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/baba-is-eval)](https://mcppedia.org/s/baba-is-eval)

Read me

What Baba_is_eval does

https://github.com/user-attachments/assets/cb6d0d49-b583-46a2-b262-1cf38279a531

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'mcp' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

77/100across 5 weighted dimensions

How we score →

0255075100

−23

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

3 fixed

CVE-2025-66416medium · fixedCVSS 4

Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default

### Description The Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication using `FastMCP` with streamable HTTP or SSE transport, and has not configured `TransportSecuritySettings`, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions and send requests to the local MCP server. This could allow an attacker to invoke tools or ac

Affected: >= 0Fixed in 1.23.0source →

CVE-2025-53366medium · fixedCVSS 4

MCP Python SDK vulnerability in the FastMCP Server causes validation error, leading to DoS

A validation error in the MCP SDK can cause an unhandled exception when processing malformed requests, resulting in service unavailability (500 errors) until manually restarted. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures. Thank you to Rich Harang for reporting this issue.

Affected: >= 0Fixed in 1.9.4source →

CVE-2025-53365medium · fixedCVSS 4

MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service

If a client deliberately triggers an exception after establishing a streamable HTTP session, this can lead to an uncaught ClosedResourceError on the server side, causing the server to crash and requiring a restart to restore service. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures. Thank you to Rich Harang for reporting this issue.

Affected: >= 0Fixed in 1.10.0source →

Inventory

Tools (1)

Click any tool to inspect its schema.

~38 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Baba_is_eval safe to use?: Baba_is_eval has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Baba_is_eval?: Baba_is_eval supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Baba_is_eval do?: Baba_is_eval provides 1 tool: Credits. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Baba_is_eval?: Baba_is_eval is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse transport.
Is Baba_is_eval actively maintained?: Baba_is_eval is less actively maintained — last commit was 333 days ago. It has 57 GitHub stars.

Similar servers

Others in ai-ml / entertainment

View all →

Memory MCP Server98

Persistent memory using a knowledge graph

86.4k 5

Sequential Thinking MCP Server98

Dynamic problem-solving through sequential thought chains

86.4k 1

Antigravity Workspace Template96

Workspace template + MCP server for Claude Code, Codex CLI, Cursor & Windsurf. Multi-agent knowledge engine (ag-refresh / ag-ask) that turns any codebase into a queryable AI assistant.

1.2k 2

Context Mode95

Privacy-first. MCP is the protocol for tool access. We're the virtualization layer for context.

16.0k 6

MCP Security Weekly

Get CVE alerts and security updates for Baba_is_eval and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Baba_is_eval

Install in your client