This server has been archived and is no longer actively maintained.
The page is preserved for reference. Consider alternatives in the same category.
MCP server for Apache Parquet files
MCP server for Apache Parquet files
Is it safe?
No known CVEs for uv. 3 previously resolved.
No authentication — any process on your machine can connect to this server.
License not specified.
Last scanned 0 days ago.
Is it maintained?
Last commit 38 days ago. 24 GitHub stars.
Will it work with my client?
Transport: stdio, sse, http. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.
How much context will it use?
0 tools. Token cost not measured.
What if it doesn't work?
Common issues: JSON syntax errors in config, Python version mismatch, network or firewall blocking. Setup guide covers troubleshooting.
{
"mcpServers": {
"hdf5-mcp": {
"args": [
"clio-kit",
"mcp-server",
"hdf5"
],
"command": "uvx"
},
"slurm-mcp": {
"args": [
"clio-kit",
"mcp-server",
"slurm"
],
"command": "uvx"
},
"pandas-mcp": {
"args": [
"clio-kit",
"mcp-server",
"pandas"
],
"command": "uvx"
}
}
}Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
uvx uv 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Last scanned 4h ago
No open vulnerabilities. 3 fixed CVEs.
CVE-2025-13327Fixeduv allows ZIP payload obfuscation through parsing differentials
### Impact In versions 0.9.5 and earlier of uv, ZIP archives were handled in a manner that enabled two parsing differentials against other components of the Python packaging ecosystem: 1. Central directory entries in a ZIP archive can contain comment fields. However, uv would assume that these fields were not present, since they aren't widely used. Consequently, a ZIP archive could be constructed where uv would interpret the contents of a central directory comment field as ZIP control structur
GHSA-w476-p2h3-79g9Fixeduv has differential in tar extraction with PAX headers
### Impact In versions 0.9.4 and earlier of uv, tar archives containing PAX headers with file size overrides were not handled properly. As a result, an attacker could contrive a source distribution (as a tar archive) that would extract differently when installed via uv versus other Python package installers. The underlying parsing differential here originates with astral-tokio-tar, which disclosed this vulnerability as CVE-2025-62518. In practice, the impact of this vulnerability is **low**:
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
CVE-2025-54368uv allows ZIP payload obfuscation through parsing differentials
## Impact In versions 0.8.5 and earlier of uv, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. This enabled two parser differentials against other Python package installers: 1. An attacker could contrive a ZIP archive that would extract with legitimate contents on some package installers, and malicious contents on others due to multiple local file entries. The attacker could choose which installer to target