Is io.github.Agnuxo1/enigmagent-mcp safe to use?

io.github.Agnuxo1/enigmagent-mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.Agnuxo1/enigmagent-mcp?

io.github.Agnuxo1/enigmagent-mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with io.github.Agnuxo1/enigmagent-mcp?

io.github.Agnuxo1/enigmagent-mcp is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.

io.github.Agnuxo1/enigmagent-mcp

Local AES-256-GCM vault for AI agents. Secrets stay local, LLMs never see real API keys.

0 tools GitHub

No known CVEs

No license

Maintenance unknown

No commit data

Untested

Transport: stdio

0 tools

Grade F

AI / ML

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Untested on Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-agnuxo1-enigmagent-mcp": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-agnuxo1-enigmagent-mcp)](https://mcppedia.org/s/io-github-agnuxo1-enigmagent-mcp)

Read me

What io.github.Agnuxo1/enigmagent-mcp does

Local AES-256-GCM vault for AI agents. Secrets stay local, LLMs never see real API keys.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

16/100across 5 weighted dimensions

How we score →

0255075100

−84

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.Agnuxo1/enigmagent-mcp safe to use?: io.github.Agnuxo1/enigmagent-mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.Agnuxo1/enigmagent-mcp?: io.github.Agnuxo1/enigmagent-mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with io.github.Agnuxo1/enigmagent-mcp?: io.github.Agnuxo1/enigmagent-mcp is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.

Similar servers

Others in ai-ml

View all →

XcodeBuildMCP97

A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.

5.3k 2

Sequential Thinking MCP Server96

Dynamic problem-solving through sequential thought chains

84.5k 1

Arxiv Mcp Server96

A Model Context Protocol server for searching and analyzing arXiv papers

2.6k 4

Python Sdk95

The official Python SDK for Model Context Protocol servers and clients

22.8k 1

MCP Security Weekly

Get CVE alerts and security updates for io.github.Agnuxo1/enigmagent-mcp and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

AI / ML

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Untested on Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-agnuxo1-enigmagent-mcp": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-agnuxo1-enigmagent-mcp)](https://mcppedia.org/s/io-github-agnuxo1-enigmagent-mcp)

Read me

What io.github.Agnuxo1/enigmagent-mcp does

Local AES-256-GCM vault for AI agents. Secrets stay local, LLMs never see real API keys.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

enigmagent-mcp

Local encrypted vault MCP server. Your LLM types {{OPENAI_KEY}}. The real value never reaches the model — not in prompts, not in logs, not in conversation history.

npx enigmagent-mcp --vault ./my.vault.json

That's the entire install. Works with Claude Desktop, Cursor, Continue.dev, Cline, Open WebUI, AnythingLLM, LM Studio, Zed, and anything else that speaks MCP.

⭐ Star this repo if you've ever pasted a token you regretted.

The 30-second pitch

You ask Claude to call your GitHub API. Claude needs GITHUB_TOKEN. Three options that all suck:

Paste it in the chat → it lives in the provider's logs forever
Put it in env vars → it leaks the moment Claude reads .env while debugging
Skip the agent → you lose the whole point

Option 4: type {{GITHUB_TOKEN}} in the prompt. EnigmAgent intercepts at the MCP boundary, decrypts locally with AES-256-GCM, and returns the real token only when the requesting origin matches the secret's bound domain. The model literally never has the value.

Setup per client

Claude Desktop

~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):

{
  "mcpServers": {
    "enigmagent": {
      "command": "npx",
      "args": ["-y", "enigmagent-mcp", "--vault", "/absolute/path/to/my.vault.json"]
    }
  }
}

Restart Claude. Two new tools appear: enigmagent_resolve and enigmagent_list.

Cursor

~/.cursor/mcp.json:

{
  "mcpServers": {
    "enigmagent": {
      "command": "npx",
      "args": ["-y", "enigmagent-mcp", "--vault", "/abs/path/my.vault.json"]
    }
  }
}

Continue.dev

~/.continue/config.yaml:

mcpServers:
  - name: enigmagent
    command: npx
    args: ["-y", "enigmagent-mcp", "--vault", "/abs/path/my.vault.json"]

Cline (VS Code)

cline_mcp_settings.json:

{
  "mcpServers": {
    "enigmagent": {
      "command": "npx",
      "args": ["-y", "enigmagent-mcp", "--vault", "/abs/path/my.vault.json"]
    }
  }
}

Open WebUI

# uses mcpo (https://github.com/open-webui/mcpo) as bridge
mcpo --port 8000 -- npx enigmagent-mcp --vault /abs/path/my.vault.json

Custom REST integration

npx enigmagent-mcp --mode rest --port 3737 --vault /abs/path/my.vault.json

Then POST /resolve with {"placeholder": "OPENAI_KEY", "origin": "https://api.openai.com"} returns the decrypted value (only when the origin matches the secret's bound domain).

CI / headless mode

Skip the interactive password prompt with env vars (only do this in trusted environments):

ENIGMAGENT_USER=alice ENIGMAGENT_PASS=… npx enigmagent-mcp --vault ./my.vault.json

Without these, the server starts in locked mode if there's no TTY — useful behind mcp-proxy and similar wrappers.

MCP tools exposed

Tool	Description
`enigmagent_resolve`	Resolve a placeholder to its vault value. Domain binding enforced — the requesting `origin` must match the secret's bound domain
`enigmagent_list`	List secret names + their bound domains. Never returns values

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

16/100across 5 weighted dimensions

How we score →

0255075100

−84

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.Agnuxo1/enigmagent-mcp safe to use?: io.github.Agnuxo1/enigmagent-mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.Agnuxo1/enigmagent-mcp?: io.github.Agnuxo1/enigmagent-mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with io.github.Agnuxo1/enigmagent-mcp?: io.github.Agnuxo1/enigmagent-mcp is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.