Is io.github.bugfender/mcp safe to use?

io.github.bugfender/mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.bugfender/mcp?

io.github.bugfender/mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with io.github.bugfender/mcp?

io.github.bugfender/mcp is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.

io.github.bugfender/mcp

Access Bugfender logs, crashes, devices, and user feedback from MCP-enabled clients.

UnknownNot tested

Other

GitHub

15FNo CVEsunknown

Quick Install

{
  "mcpServers": {
    "io-github-bugfender-mcp": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Setup guide

No install config available. Check the server's README for setup instructions.

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-bugfender-mcp)](https://mcppedia.org/s/io-github-bugfender-mcp)

Should you use this server?

Access Bugfender logs, crashes, devices, and user feedback from MCP-enabled clients.

✓

Is it safe?

No package registry to scan.

No authentication — any process on your machine can connect.

License not specified.

Is it maintained?

Commit history unknown.

Will it work with my client?

Transport: stdio. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.

README

`@bugfender/mcp`

Bugfender MCP server for local stdio clients such as Cursor, Claude Code, Codex, and Gemini CLI.

What It Provides

user-scoped Bugfender read access through MCP
automatic access-token refresh when a refresh token is configured
logs, devices, app metadata, crash aggregation, and issue aggregation tools
SDK snippet retrieval for app onboarding
resource templates for snippets, logs, and issue groups
companion Bugfender skills distributed from bugfender/bugfender-skills

Maintainers

development workflow: DEVELOPMENT.md
release and publish flow: RELEASING.md

Install

npx -y @bugfender/mcp

After adding or updating the MCP server in your IDE or agent, restart that client so it reloads the new MCP configuration cleanly.

If you are running from inside this repository checkout, do not use npx @bugfender/mcp or npx -p @bugfender/mcp bugfender-mcp. npm can resolve the current package instead of the published tarball and fail with bugfender-mcp: not found.

For local development, build and run the generated entrypoint directly:

pnpm build
pnpm start

Configuration

BUGFENDER_API_TOKEN: required access token
BUGFENDER_REFRESH_TOKEN: recommended for automatic token refresh
BUGFENDER_API_URL: optional override, defaults to https://dashboard.bugfender.com/api
~/.bugfender/mcp.json: optional config file and local token store for rotated credentials

{
  "default": {
    "apiToken": "YOUR_ACCESS_TOKEN",
    "refreshToken": "YOUR_REFRESH_TOKEN",
    "apiUrl": "https://dashboard.bugfender.com/api"
  }
}

When a refresh token is provided, the MCP stores rotated credentials in ~/.bugfender/mcp.json so automatic refresh survives restarts. Updating the IDE config with a newly generated refresh token resets that local state.

If you are using local or self-hosted Bugfender credentials, BUGFENDER_API_URL must point to the matching backend. For example, local credentials generated from https://dashboard:3000 will not work against https://dashboard.bugfender.com/api.

Cursor / Claude Code

{
  "mcpServers": {
    "bugfender": {
      "command": "npx",
      "args": ["-y", "@bugfender/mcp"],
      "env": {
        "BUGFENDER_API_TOKEN": "YOUR_ACCESS_TOKEN",
        "BUGFENDER_REFRESH_TOKEN": "YOUR_REFRESH_TOKEN",
        "BUGFENDER_API_URL": "https://dashboard.bugfender.com/api"
      }
    }
  }
}

Codex CLI

codex mcp add bugfender \
  --env BUGFENDER_API_TOKEN='YOUR_ACCESS_TOKEN' \
  --env BUGFENDER_REFRESH_TOKEN='YOUR_REFRESH_TOKEN' \
  --env BUGFENDER_API_URL='https://dashboard.bugfender.com/api' \
  -- npx -y @bugfender/mcp

After running codex mcp add, restart the Codex session before testing who_am_i or list_apps.

Gemini CLI

gemini mcp add bugfender npx -y @bugfender/mcp \
  --env BUGFENDER_API_TOKEN='YOUR_ACCESS_TOKEN' \
  --env BUGFENDER_REFRESH_TOKEN='YOUR_REFRESH_TOKEN' \
  --env BUGFENDER_API_URL='https://dashboard.bugfender.com/api'

After running gemini mcp add, start a new Gemini CLI session or reload MCP servers before testing who_am_i or list_apps.

Codex App

In the custom MCP server form:

Name: bugfender
Command to launch: npx
Argument 1: -y
Argument 2: @bugfender/mcp
BUGFENDER_API_TOKEN: YOUR_ACCESS_TOKEN
BUGFENDER_REFRESH_TOKEN: YOUR_REFRESH_TOKEN
BUGFENDER_API_URL: https://dashboard.bugfender.com/api

Add the arguments as separate rows, not as one combined string.

After saving the server, restart the app before testing who_am_i or list_apps.

Tools

who_am_i
list_teams
list_apps
get_app
list_app_versions
get_sdk_snippet
get_crashes
get_crash_stats
get_crash_device_stats
get_crash_details
search_logs
count_logs
count_devices_with_logs
search_devices
count_devices
list_issues
get_issue
`get_issue_

... View full README on GitHub

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Score Breakdown

MCPpedia Score

Click each category to see evidence

15F

Last scored 6h ago

How we score →

Security

2/30

No known vulnerabilities.

○

Known CVEs — No package registry to scan

○

Tool safety — No tools to analyze

○

Tool poisoning — No tools to analyze

○

Injection vectors — No tools to analyze

○

Tool stability — First scan — baseline recorded

○

Dependency health — No package to analyze

✗

License — No license specified

○

Authentication — No authentication required

○

Repository — active repo

CVEs checked daily via OSV.dev. Score algorithm is open source.

Reviews

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.bugfender/mcp safe to use?: io.github.bugfender/mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.bugfender/mcp?: io.github.bugfender/mcp can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with io.github.bugfender/mcp?: io.github.bugfender/mcp is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.

Similar servers

View all →

Memory MCP Server

Official

No CVEs98A

Persistent memory using a knowledge graph

5 toolsstdio83.8k93.5k/wk1d ago

Hash-verified file editing MCP server with token efficiency hook. 11 tools for AI coding agents.

No CVEs95A

Hash-verified file editing MCP server with token efficiency hook. 11 tools for AI coding agents.

5 toolsremote398685.9k/wk11h ago

Context Mode

No CVEs95A

Privacy-first. MCP is the protocol for tool access. We're the virtualization layer for context.

6 toolsremote7.3k10.0k/wk22h ago

Browser Tools Mcp

No CVEs94A

Monitor browser logs directly from Cursor and other MCP compatible IDEs.

7 toolsremote7.2k2.9k/wk28d ago

MCP Security Weekly

Get CVE alerts and security updates for io.github.bugfender/mcp and similar servers.

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?