Config is the same across clients — only the file and path differ.
```json
{
  "mcpServers": {
    "io-github-antonioblago-visibly-ai": {
      "args": [
        "-y",
        "@anthropic-ai/claude-code"
      ],
      "command": "npx"
    }
  }
}
```
A batteries-included Claude Code blueprint for SEO freelancers and agencies. Wire up the Visibly AI MCP, get ready-made slash commands for the full client workflow — Status-Quo → Potential Analysis → Offer → CI-compliant PDF — and a smart hook that nudges Claude toward real SEO data instead of guessing.
Built and battle-tested by Antonio Blago — SEO Freelancer & creator of the Neuro-SEO System®.
Run this in your terminal to verify the server starts.
```sh
# The pipeline's exit status is that of `head`, so the success line prints
# even when npx fails; read the first line of output to confirm the result.
npx -y '@anthropic-ai/claude-code' 2>&1 | head -1 && echo "✓ Server started successfully"
```
@anthropic-ai/claude-code has an Insecure Temporary File in /copy Command that Enables Response Disclosure and Symlink-Based File Write
The Claude Code `/copy` command wrote responses to a hardcoded, predictable path (`/tmp/claude/response.md`) without UID isolation, randomness, or symlink protection. The file was created world-readable (0644) in a world-traversable directory (0755), allowing any local user to read a privileged user's Claude response, which could contain secrets or credentials. Additionally, because the path was static and predictable, a local attacker could pre-create the directory and plant a symlink at the ex
Claude Code: Out-of-Band Data Exfiltration via Pre-Approved HuggingFace Domain in WebFetch
Because the hostname huggingface.co was pre-approved as a bare hostname for the WebFetch tool, any path on that domain—including attacker-controlled model repositories—was auto-approved without a permission prompt or being subject to --allowedTools restrictions. An attacker able to inject untrusted content into a Claude Code context could direct it to issue WebFetch requests against attacker-controlled repository files (e.g. /resolve/main/config.json), which HuggingFace counts as downloads serve
Claude Code: Trust Dialog Bypass via Git Worktree Spoofing Allows Arbitrary Code Execution
Claude Code used the git worktree `commondir` file when determining folder trust but did not validate its contents. By crafting a repository with a `commondir` file pointing to a path the victim had previously trusted, an attacker could bypass the trust dialog and immediately execute malicious hooks defined in `.claude/settings.json`. Exploiting this required the victim to clone a malicious repository and run Claude Code within it, and for the attacker to know or guess a path the victim had alre
Claude Code: Sandbox Escape via Symlink Following Allows Arbitrary File Write Outside Workspace
Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outside the workspace. When Claude Code subsequently wrote to a path within such a symlink, its unsandboxed process followed the symlink and wrote to the target location outside the workspace without prompting the user for confirmation. This allowed a sandbox escape where neither the sandboxed command nor the unsandboxed app could independently write outside the workspace, but their combination
Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows
On Windows, Claude Code loaded system-wide default configuration from `C:\ProgramData\ClaudeCode\managed-settings.json` without validating directory ownership or access permissions. Because the `ProgramData` directory is writable by non-administrative users by default and the `ClaudeCode` subdirectory was not pre-created or access-restricted, a low-privileged local user could create this directory and place a malicious configuration file that would be automatically loaded for any user launching
SEO consulting is the same five jobs over and over: pull the real ranking data, map it against the client's keyword set, quantify the opportunity, turn that into an offer, and ship a presentable PDF. Claude Code can do all of it — if you give it the data sources, the methodology, and the guardrails.
This repo packages exactly that — and it runs without any API key. Install it and the bundled .mcp.json connects to the Visibly AI MCP keyless, giving you 8 free tools (keyword classification, SEO checklists, URL-structure analysis) plus the full local methodology; bring your own Search Console export and the entire Status-Quo → Potential → Offer → PDF chain runs offline. Add a Visibly AI key when you want the data engine on tap — live GSC/GA at 0 credits, keywords, backlinks, competitors and on-page audits through one MCP. Free by default, pro when you need it.
| Piece | What it does |
|---|---|
| `.mcp.json` | Pre-wired Visibly AI MCP connection — keyless by default (8 free tools); add a key to unlock live GSC, keywords, backlinks, competitors, on-page audits, crawling. |
| `/visibly-seo-status-quo` | Maps a client's live organic visibility: GSC × target keywords, classification, quick wins. |
| `/visibly-seo-potential` | Potential analysis: empirical CTR model → realistic 12-month targets → traffic, lead & ROI math. |
| `/visibly-seo-offer` | Drafts a tailored, phased SEO consulting offer from your analysis + client context. |
| `/visibly-seo-pdf-build` | Turns any analysis script into a clean, brand-compliant PDF. |
| SEO hook | A UserPromptSubmit hook that detects SEO intent and steers Claude to Visibly AI MCP tools instead of generic scraping. |
| `CLAUDE.md` | A project-instruction template encoding the whole workflow + folder conventions. |
| `docs/` | The methodology written out: workflows, the CTR model, and best practices. |
There are two ways to use this — pick one.
```
/plugin marketplace add AntonioBlago/claude-code-seo-starter
/plugin install seo-starter@antonioblago
```
You get the /visibly-seo-status-quo, /visibly-seo-potential, /visibly-seo-offer, /visibly-seo-pdf-build commands, the auto-invoked SEO skills, the SEO-intent hook, and the keyless Visibly AI MCP — wired in.
No key needed to start — approve the MCP server and you have the 8 free tools plus the full local workflow.
Want the full data engine (live GSC, keywords, backlinks, on-page)? Add a Visibly AI key — grab one at visibly-ai.com (~30s, no card), then connect it once (resolves at write time, stays out of git). Because the key is typed as a command-line argument, it is also saved in your shell history unless you exclude the command.
```sh
claude mcp add --transport http visiblyai https://mcp.visibly-ai.com/mcp --header "Authorization: Bearer lc_xxxxxxxxxxxxxxxx"
```
Restart with /reload-plugins if needed. See docs/setup.md for the
pro tier, Google-OAuth (0 credits) and option