Sonatype component intelligence: versions, security analysis, and Trust Score recommendations
Sonatype component intelligence: versions, security analysis, and Trust Score recommendations
Is it safe?
No known CVEs for mcp-remote. 1 previously resolved.
No authentication — any process on your machine can connect to this server.
License not specified.
Last scanned 0 days ago.
Is it maintained?
Last commit 78 days ago. 71 GitHub stars. 331,518 weekly downloads.
Will it work with my client?
Transport: stdio, sse, http. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.
How much context will it use?
0 tools. Token cost not measured.
What if it doesn't work?
Common issues: JSON syntax errors in config, wrong Node.js version, npx cache, network or firewall blocking. covers troubleshooting.
{
"mcpServers": {
"discoveredServer": {
"headers": {
"Authorization": "Bearer <your-token>"
},
"httpUrl": "https://mcp.guide.sonatype.com/mcp"
}
}
}Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
npx -y mcp-remote 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Last scanned 1h ago
No open vulnerabilities. 1 fixed CVE.
CVE-2025-6514Fixedmcp-remote exposed to OS command injection via untrusted MCP server connections
mcp-remote is exposed to OS command injection when connecting to untrusted MCP servers due to crafted input from the authorization_endpoint response URL
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.