Web search that doesn't wreck your AI's memory.
{
"mcpServers": {
"webgate": {
"env": {
"WEBGATE_SEARXNG_URL": "http://localhost:8080",
"WEBGATE_DEFAULT_BACKEND": "searxng"
},
"args": [
"mcp-webgate"
],
"command": "uvx"
}
}
}Web search that doesn't wreck your AI's memory.
Is it safe?
No known CVEs for uv. 3 previously resolved.
No authentication — any process on your machine can connect.
License not specified.
Is it maintained?
Last commit 2 days ago. 3 stars.
Will it work with my client?
Transport: stdio, sse, http. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.
Context cost
3 tools. ~300 tokens (0.1% of 200K).
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
uvx uv 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
webgate_fetchRead a single page by URL and get back cleaned text up to max_query_budget characters
webgate_querySearch the web, fetch results in parallel, and return cleaned ranked content with optional LLM summarization
webgate_onboardingReturns a JSON guide explaining how to use webgate tools effectively
This server is missing a description.If you've used it, help the community.
Add informationLast scanned 7h ago
No open vulnerabilities. 3 fixed CVEs.
CVE-2025-13327Fixeduv allows ZIP payload obfuscation through parsing differentials
### Impact In versions 0.9.5 and earlier of uv, ZIP archives were handled in a manner that enabled two parsing differentials against other components of the Python packaging ecosystem: 1. Central directory entries in a ZIP archive can contain comment fields. However, uv would assume that these fields were not present, since they aren't widely used. Consequently, a ZIP archive could be constructed where uv would interpret the contents of a central directory comment field as ZIP control structur
GHSA-w476-p2h3-79g9Fixeduv has differential in tar extraction with PAX headers
### Impact In versions 0.9.4 and earlier of uv, tar archives containing PAX headers with file size overrides were not handled properly. As a result, an attacker could contrive a source distribution (as a tar archive) that would extract differently when installed via uv versus other Python package installers. The underlying parsing differential here originates with astral-tokio-tar, which disclosed this vulnerability as CVE-2025-62518. In practice, the impact of this vulnerability is **low**:
CVE-2025-54368Fixeduv allows ZIP payload obfuscation through parsing differentials
## Impact In versions 0.8.5 and earlier of uv, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. This enabled two parser differentials against other Python package installers: 1. An attacker could contrive a ZIP archive that would extract with legitimate contents on some package installers, and malicious contents on others due to multiple local file entries. The attacker could choose which installer to target
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.