Is co.flow2/flow2 safe to use?

co.flow2/flow2 has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install co.flow2/flow2?

co.flow2/flow2 can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with co.flow2/flow2?

co.flow2/flow2 is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Is co.flow2/flow2 actively maintained?

co.flow2/flow2 is actively maintained — last commit was 23 days ago.

co.flow2/flow2

Design mobile-first presentations — create, edit, preview, and publish from your AI.

GitHub

No known CVEs

No license

Actively maintained

Last commit 23d ago

Works with most clients

Transport:

0 tools

Grade F

Edit this pageView history

Other

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "co-flow2-flow2": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/co-flow2-flow2)](https://mcppedia.org/s/co-flow2-flow2)

Read me

What co.flow2/flow2 does

Design mobile-first presentations — create, edit, preview, and publish from your AI assistant.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

28/100across 5 weighted dimensions

How we score →

0255075100

−72

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is co.flow2/flow2 safe to use?: co.flow2/flow2 has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install co.flow2/flow2?: co.flow2/flow2 can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with co.flow2/flow2?: co.flow2/flow2 is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is co.flow2/flow2 actively maintained?: co.flow2/flow2 is actively maintained — last commit was 23 days ago.

Similar servers

Others in other

View all →

Pi Lean Ctx95

Pi Coding Agent extension (CLI-first) — routes bash/read/grep/find/ls through lean-ctx CLI for strong token savings. Optional MCP bridge can register advanced tools.

Apify MCP Server

97% token reduction for AI coding sessions — zero deps, 21 languages, MCP server

507 6

Caveman Shrink93

MCP proxy that compresses prose fields (tool descriptions, etc.) using caveman rules. Same accuracy, fewer context tokens.

70.9k 4

MCP Security Weekly

Get CVE alerts and security updates for co.flow2/flow2 and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Other

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "co-flow2-flow2": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/co-flow2-flow2)](https://mcppedia.org/s/co-flow2-flow2)

Read me

What co.flow2/flow2 does

Design mobile-first presentations — create, edit, preview, and publish from your AI assistant.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

Flow2 MCP Server

Design mobile-first presentations - create, edit, preview, and publish from your AI assistant.

This is the official Model Context Protocol server for Flow2. It lets AI assistants like Claude work with your Flow2 account directly: spin up new flows, add and edit screens, drop in blocks, preview the result, and publish — all from a chat prompt.

Endpoint: https://mcp.flow2.co/
Transport: streamable-http
Auth: OAuth 2.1 with Dynamic Client Registration (RFC 7591)
Registry: co.flow2/flow2

Quick start

Claude Code (and Cowork)

claude mcp add --transport http flow2 https://mcp.flow2.co/ --scope user

Then run /mcp inside Claude Code to complete the OAuth sign-in.

Claude.ai (web + desktop)

Settings → Connectors → Add custom connector → URL: https://mcp.flow2.co/. Click Connect to authorize.

Cursor

In ~/.cursor/mcp.json:

{
  "mcpServers": {
    "flow2": {
      "url": "https://mcp.flow2.co/"
    }
  }
}

Other MCP-compatible clients

Any client that supports remote streamable-HTTP MCP servers can connect using the URL above. OAuth is handled automatically when the client supports DCR.

What it can do

The Flow2 MCP server exposes the full flow-authoring surface as tools:

Tool	What it does
`create_flow`	Create a new Flow2 presentation
`update_flow_meta`	Rename or update flow-level metadata
`get_flow`	Read the current state of a flow
`add_screen`	Add a new screen to a flow
`get_screen`	Read a screen and its blocks
`delete_screen`	Remove a screen from a flow
`add_block`	Add a block (text, image, button, etc.) to a screen
`patch_block`	Update an existing block's content or styling
`delete_block`	Remove a block from a screen
`get_blocks_schema`	List available block types and their schemas
`get_preview`	Get the screenshot URL for a single screen
`render-flow-preview`	Show the whole flow inline in chat — vertical-scroll preview of all screens with theme-accent indicator (interactive on Apps-aware clients)
`render-screen-preview`	Show a single screen inline in chat as a phone-framed screenshot
`list_jobs` / `check_job_status`	Track long-running operations
`check_credits`	Check the remaining credits on your account

All write tools are annotated with destructiveHint: false where appropriate so AI clients can reason about safety. Read-only tools are marked readOnlyHint: true.

Inline previews (Apps-aware clients)

On clients that support the MCP Apps extension (Claude.ai web + desktop, Claude Code, ChatGPT, Cursor, VS Code), render-flow-preview and render-screen-preview produce an interactive inline preview rendered inside a sandboxed iframe — no need to leave the chat to see your flow. CTA buttons on individual screens become click-through links; the indicator picks up the flow's theme accent color. Other clients fall back to the cover screenshot.

Example prompts

Once the server is connected, try:

"Create a new mobile pitch deck for my fintech app called 'Lumen'."
"Add a hero screen with a bold headline and a 'Get started' button."
"Generate three product-feature screens with icons and short captions."
"Show me my latest flow." (renders the inline preview)
"Preview screen 3 of my pricing flow."
"Share the link to my latest flow."

The assistant will call the right MCP tools, and you'll see the changes reflected in your Flow2 account in real time.

Authentication

The server implements OAuth 2.1 with Dynamic Client Registration. When you connect from a new client, it:

Discovers /.well-known/oauth-authorization-server
Registers itself as a client via the `registration_endpoint

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

28/100across 5 weighted dimensions

How we score →

0255075100

−72

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is co.flow2/flow2 safe to use?: co.flow2/flow2 has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install co.flow2/flow2?: co.flow2/flow2 can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with co.flow2/flow2?: co.flow2/flow2 is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is co.flow2/flow2 actively maintained?: co.flow2/flow2 is actively maintained — last commit was 23 days ago.

Similar servers

Others in other

View all →

Pi Lean Ctx95

Pi Coding Agent extension (CLI-first) — routes bash/read/grep/find/ls through lean-ctx CLI for strong token savings. Optional MCP bridge can register advanced tools.

Apify MCP Server

97% token reduction for AI coding sessions — zero deps, 21 languages, MCP server

507 6

Caveman Shrink93

MCP proxy that compresses prose fields (tool descriptions, etc.) using caveman rules. Same accuracy, fewer context tokens.

70.9k 4

MCP Security Weekly

Get CVE alerts and security updates for co.flow2/flow2 and similar servers.