Is io.github.design-smith/muntuai-mcp safe to use?

io.github.design-smith/muntuai-mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.design-smith/muntuai-mcp?

io.github.design-smith/muntuai-mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with io.github.design-smith/muntuai-mcp?

io.github.design-smith/muntuai-mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Is io.github.design-smith/muntuai-mcp actively maintained?

io.github.design-smith/muntuai-mcp is actively maintained — last commit was 16 days ago.

io.github.design-smith/muntuai-mcp

requests

Hosted MCP server for MuntuAI outreach campaigns, leads, senders, domains, and analytics.

0 tools GitHub PyPI

No known CVEs

No license

Actively maintained

Last commit 16d ago

Works with most clients

Transport:

0 tools

Grade F

Edit this pageView history

Marketing

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "muntu": {
      "url": "https://api.muntuai.com/api/mcp",
      "headers": {
        "Authorization": "Bearer ${env:MUNTU_AGENT_KEY}"
      }
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-design-smith-muntuai-mcp)](https://mcppedia.org/s/io-github-design-smith-muntuai-mcp)

Read me

What io.github.design-smith/muntuai-mcp does

This repository contains the public documentation, manifest, and reference clients for the live MuntuAI MCP server. The runnable server implementation lives in the main Muntu backend.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'requests' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

49/100across 5 weighted dimensions

How we score →

0255075100

−51

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

8 fixed

CVE-2026-25645low · fixedCVSS 3.1

Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function

### Impact The `requests.utils.extract_zipped_paths()` utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could pre-create a malicious file that would be loaded in place of the legitimate one. ### Affected usages **Standard usage of the Requests library is not affected by this vulnerability.** Only app

Affected: >= 0Fixed in 2.33.0source →

CVE-2024-47081low · fixedCVSS 3.1

Requests vulnerable to .netrc credentials leak via malicious URLs

### Impact Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. ### Workarounds For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on your Requests Session ([docs](https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env)). ### References https://github.com/psf/requests/pull/6965 https://seclists.org/fulldisclosure/2025/Jun/2

Affected: >= 0Fixed in 2.32.4source →

CVE-2024-35195low · fixedCVSS 3.1

Requests `Session` object does not verify requests after making first request with verify=False

When using a `requests.Session`, if the first request to a given origin is made with `verify=False`, TLS certificate verification may remain disabled for all subsequent requests to that origin, even if `verify=True` is explicitly specified later. This occurs because the underlying connection is reused from the session's connection pool, causing the initial TLS verification setting to persist for the lifetime of the pooled connection. As a result, applications may unintentionally send requests w

Affected: >= 0Fixed in 2.32.0source →

CVE-2023-32681info · fixed

PYSEC-2023-74

Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header

Affected: >= 0Fixed in 74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5source →

CVE-2018-18074info · fixed

PYSEC-2018-28

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

Affected: >= 0Fixed in c45d7c49ea75133e52ab22a8e9e13173938e36ffsource →

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.design-smith/muntuai-mcp safe to use?: io.github.design-smith/muntuai-mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.design-smith/muntuai-mcp?: io.github.design-smith/muntuai-mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with io.github.design-smith/muntuai-mcp?: io.github.design-smith/muntuai-mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is io.github.design-smith/muntuai-mcp actively maintained?: io.github.design-smith/muntuai-mcp is actively maintained — last commit was 16 days ago.

Similar servers

Others in marketing

View all →

Mcp Server Typescript94

DataForSEO API modelcontextprotocol server

197 9

io.github.peturgeorgievv-factory/postfast-mcp90

MCP server for the PostFast API — schedule and manage social media posts via AI tools

1 11

Digital Marketing Pro89

Claude Code plugin: 115 commands, 25 agents, 64 scripts, 67 MCP servers, 143 reference files. Eval/QA layer (hallucination detection, claim verification, A+ through F grading). Multilingual (Sarvam AI, DeepL, Google Cloud Translation). Full execution with approval workflow.

103 4

Seo Research Mcp88

A free SEO research tool using Model Context Protocol (MCP) powered by Ahrefs data. Get backlink analysis, keyword research, traffic estimation, and more — directly in your AI-powered IDE.

178 4

MCP Security Weekly

Get CVE alerts and security updates for io.github.design-smith/muntuai-mcp and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Marketing

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "muntu": {
      "url": "https://api.muntuai.com/api/mcp",
      "headers": {
        "Authorization": "Bearer ${env:MUNTU_AGENT_KEY}"
      }
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-design-smith-muntuai-mcp)](https://mcppedia.org/s/io-github-design-smith-muntuai-mcp)

Read me

What io.github.design-smith/muntuai-mcp does

This repository contains the public documentation, manifest, and reference clients for the live MuntuAI MCP server. The runnable server implementation lives in the main Muntu backend.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'requests' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

MuntuAI MCP

This repository contains the public documentation, manifest, and reference clients for the live MuntuAI MCP server. The runnable server implementation lives in the main Muntu backend.

The official Model Context Protocol (MCP) server for MuntuAI — giving AI agents programmatic access to email outreach campaigns, lead management, domain infrastructure, and real-time workspace events.

What This Is

MuntuAI is an AI-native email outreach platform. This MCP server lets external agents (Claude, Cursor, custom scripts) connect to a MuntuAI workspace and perform actions: create campaigns, import leads, verify domains, send emails, and subscribe to webhook events — all through a standard MCP interface over HTTP.

Protocol: Model Context Protocol over HTTP (JSON-RPC 2.0)
Transport: Streamable HTTP (text/event-stream or application/json)
Server protocol revision: 2025-03-26
Server URL: https://api.muntuai.com/api/mcp

Quick Start

1. Get an agent key

Log in to app.muntuai.com, go to Settings → Agent Keys, and create a key. Choose the autonomy level that matches what your agent needs:

Level	What it can do
`observer`	Read anything — campaigns, leads, domains, senders, events
`copilot`	Read + create and modify — campaigns, domains, senders, leads, webhooks
`autonomous`	Everything above + pause, resume, delete

You will see the raw key once: mnt_<keyId>.<secret>. Copy it immediately.

2. Configure your client

Security note: store the raw agent key in an environment variable or secret manager. Do not commit it to source control or paste it into shared files.

Claude Desktop (~/Library/Application Support/Claude/claude_desktop_config.json):

{
  "mcpServers": {
    "muntu": {
      "url": "https://api.muntuai.com/api/mcp",
      "headers": {
        "Authorization": "Bearer ${env:MUNTU_AGENT_KEY}"
      }
    }
  }
}

Cursor (.cursor/mcp.json or Settings → MCP):

{
  "mcpServers": {
    "muntu": {
      "url": "https://api.muntuai.com/api/mcp",
      "headers": {
        "Authorization": "Bearer ${env:MUNTU_AGENT_KEY}"
      }
    }
  }
}

Python:

pip install requests
export MUNTU_AGENT_KEY="mnt_YOUR_KEY_HERE"
python clients/python/muntu_mcp_client.py list-campaigns

Recommended:

export MUNTU_SESSION_ID="$(uuidgen)"

Muntu uses the optional MUNTU_SESSION_ID to group requests into one logical MCP session for session-scoped safety controls and budgeting.

3. Make your first call

Once connected, ask your agent:

"List all campaigns in my MuntuAI workspace"

The agent will call resources/read on muntu://campaigns/{workspaceId} and return the campaign list.

Or via Python CLI:

python clients/python/muntu_mcp_client.py list-campaigns
python clients/python/muntu_mcp_client.py list-domains
python clients/python/muntu_mcp_client.py list-emails

What Agents Can Do

Resources (read-only views)

Resource	URI	Description
workspace	`muntu://workspace/{id}`	Profile, policy, infrastructure counts
domains	`muntu://domains/{id}?cursor=0&limit=50`	All domains with DNS and verification state
senders	`muntu://senders/{id}?cursor=0&limit=50`	All email accounts with status
campaigns	`muntu://campaigns/{id}?cursor=0&limit=20`	Unified campaign list
campaign-plans	`muntu://campaign-plans/{id}?cursor=0&limit=20`	Draft review queue
events	`muntu://events/{id}?cursor=0`	Recent system events (filterable)

Tools (30 total)

Grouped by domain — see tools/README.md for the full index.

Campaigns — create, launch, pause, resume, monitor, review drafts, send
Leads — import from array or CSV URL, enrich, sample
Senders — create, delete, health check, assign to campaign
**Dom

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

49/100across 5 weighted dimensions

How we score →

0255075100

−51

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

8 fixed

CVE-2026-25645low · fixedCVSS 3.1

Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function

Affected: >= 0Fixed in 2.33.0source →

CVE-2024-47081low · fixedCVSS 3.1

Requests vulnerable to .netrc credentials leak via malicious URLs

Affected: >= 0Fixed in 2.32.4source →

CVE-2024-35195low · fixedCVSS 3.1

Requests `Session` object does not verify requests after making first request with verify=False

Affected: >= 0Fixed in 2.32.0source →

CVE-2023-32681info · fixed

PYSEC-2023-74

Affected: >= 0Fixed in 74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5source →

CVE-2018-18074info · fixed

PYSEC-2018-28

Affected: >= 0Fixed in c45d7c49ea75133e52ab22a8e9e13173938e36ffsource →

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.design-smith/muntuai-mcp safe to use?: io.github.design-smith/muntuai-mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.design-smith/muntuai-mcp?: io.github.design-smith/muntuai-mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with io.github.design-smith/muntuai-mcp?: io.github.design-smith/muntuai-mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is io.github.design-smith/muntuai-mcp actively maintained?: io.github.design-smith/muntuai-mcp is actively maintained — last commit was 16 days ago.

Similar servers

Others in marketing

View all →

Mcp Server Typescript94

DataForSEO API modelcontextprotocol server

197 9

io.github.peturgeorgievv-factory/postfast-mcp90

MCP server for the PostFast API — schedule and manage social media posts via AI tools

1 11

Digital Marketing Pro89

103 4

Seo Research Mcp88

A free SEO research tool using Model Context Protocol (MCP) powered by Ahrefs data. Get backlink analysis, keyword research, traffic estimation, and more — directly in your AI-powered IDE.

178 4

MCP Security Weekly

Get CVE alerts and security updates for io.github.design-smith/muntuai-mcp and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?