Is io.github.lastmanupinc-hub/axis-toolbox safe to use?

io.github.lastmanupinc-hub/axis-toolbox has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.lastmanupinc-hub/axis-toolbox?

io.github.lastmanupinc-hub/axis-toolbox supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What can io.github.lastmanupinc-hub/axis-toolbox do?

io.github.lastmanupinc-hub/axis-toolbox provides 6 tools: list_programs, search_and_discover_tools, discover_commerce_tools, discover_agentic_purchasing_needs, get_referral_code and 1 more. See the full tools list on the server page for descriptions and parameters.

What AI clients work with io.github.lastmanupinc-hub/axis-toolbox?

io.github.lastmanupinc-hub/axis-toolbox is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is io.github.lastmanupinc-hub/axis-toolbox actively maintained?

io.github.lastmanupinc-hub/axis-toolbox is actively maintained — last commit was 11 days ago.

io.github.lastmanupinc-hub/axis-toolbox

vite

Generate AGENTS.md, AP2 compliance docs, checkout rules, debug playbook & MCP configs from any repo.

129.2M/wk 6 tools GitHub npm

No known CVEs

No license

Actively maintained

Last commit 11d ago

Works with most clients

Transport: stdio, sse, http

6 tools · ~269 tok

Grade A · 0.1% of 200K ctx

Edit this pageView history

Developer Tools

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-lastmanupinc-hub-axis-toolbox": {
      "args": [
        "-y",
        "vite"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-lastmanupinc-hub-axis-toolbox)](https://mcppedia.org/s/io-github-lastmanupinc-hub-axis-toolbox)

Read me

What io.github.lastmanupinc-hub/axis-toolbox does

Axis' Iliad — The modern epic that shapes raw codebases into canonical, agent-ready artifacts. Axis' Iliad authors the definitive foundation for the next era of natural-language workspace development.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y 'vite' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

90/100across 5 weighted dimensions

How we score →

0255075100

−10

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

20 fixed

CVE-2024-52011medium · fixedCVSS 4

launch-editor vulnerable to command injection via the crafted request on Windows

### Summary Due to the insufficient sanitization of the `file` argument in the `launchEditor`, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters. ### Impact If the following conditions are met, an attacker can execute arbitrary commands on the computer that is using the `launch-editor`: - An attacker can place a file with the malicious filename - An attacker can call the `launchEditor` method with the `file` argument controlled - The

Affected: >= 0Fixed in 2.9.0source →

CVE-2026-39365medium · fixedCVSS 4

Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling

### Summary Any files ending with `.map` even out side the project can be returned to the browser. ### Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network (using `--host` or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) - have a sensitive content in files ending with `.map` and the path is predictable ### Details In Vite v7.3.1, the dev server’s handling of `.map` requests for

Affected: >= 8.0.0Fixed in 8.0.5source →

CVE-2026-39364medium · fixedCVSS 4

Vite: `server.fs.deny` bypassed with queries

### Summary The contents of files that are specified by [`server.fs.deny`](https://vite.dev/config/server-options#server-fs-deny) can be returned to the browser. ### Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network (using `--host` or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) - the sensitive file exists in the allowed directories specified by [`server.fs.allow`](https://vi

Affected: >= 8.0.0Fixed in 8.0.5source →

CVE-2026-39363medium · fixedCVSS 4

Vite Vulnerable to Arbitrary File Read via Vite Dev Server WebSocket

### Summary [`server.fs`](https://vite.dev/config/server-options#server-fs-strict) check was not enforced to the `fetchModule` method that is exposed in Vite dev server's WebSocket. ### Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network (using `--host` or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) - WebSocket is not disabled by `server.ws: false` Arbitrary files on the ser

Affected: >= 8.0.0Fixed in 8.0.5source →

CVE-2025-62522medium · fixedCVSS 4

vite allows server.fs.deny bypass via backslash on Windows

### Summary Files denied by [`server.fs.deny`](https://vitejs.dev/config/server-options.html#server-fs-deny) were sent if the URL ended with `\` when the dev server is running on Windows. ### Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network (using --host or [`server.host` config option](https://vitejs.dev/config/server-options.html#server-host)) - running the dev server on Windows ### Details `server.fs.deny` can contai

Affected: >= 7.1.0Fixed in 7.1.11source →

Inventory

Tools (6)

Click any tool to inspect its schema.

~269 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.lastmanupinc-hub/axis-toolbox safe to use?: io.github.lastmanupinc-hub/axis-toolbox has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.lastmanupinc-hub/axis-toolbox?: io.github.lastmanupinc-hub/axis-toolbox supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can io.github.lastmanupinc-hub/axis-toolbox do?: io.github.lastmanupinc-hub/axis-toolbox provides 6 tools: list_programs, search_and_discover_tools, discover_commerce_tools, discover_agentic_purchasing_needs, get_referral_code and 1 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with io.github.lastmanupinc-hub/axis-toolbox?: io.github.lastmanupinc-hub/axis-toolbox is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is io.github.lastmanupinc-hub/axis-toolbox actively maintained?: io.github.lastmanupinc-hub/axis-toolbox is actively maintained — last commit was 11 days ago.

Similar servers

Others in developer-tools

View all →

XcodeBuildMCP97

XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.

5.8k 1

XcodeBuildMCP97

A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.

5.8k 2

Mcp Gitlab96

MCP server for using the GitLab API

1.6k 12

Figma Console Mcp96

MCP server for accessing Figma plugin console logs and screenshots via Cloudflare Workers or local mode

1.8k 2

MCP Security Weekly

Get CVE alerts and security updates for io.github.lastmanupinc-hub/axis-toolbox and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Developer Tools

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-lastmanupinc-hub-axis-toolbox": {
      "args": [
        "-y",
        "vite"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-lastmanupinc-hub-axis-toolbox)](https://mcppedia.org/s/io-github-lastmanupinc-hub-axis-toolbox)

Read me

What io.github.lastmanupinc-hub/axis-toolbox does

Axis' Iliad — The modern epic that shapes raw codebases into canonical, agent-ready artifacts. Axis' Iliad authors the definitive foundation for the next era of natural-language workspace development.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y 'vite' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

Axis' Iliad

Axis' Iliad — The modern epic that shapes raw codebases into canonical, agent-ready artifacts. Axis' Iliad authors the definitive foundation for the next era of natural-language workspace development.

Canonical name: Axis' Iliad. Use this name consistently across docs, registries, and integrations.

Try it in 30 seconds — no signup required

Three programs are completely free with no API key:

# 1. Get an API key (free tier, instant)
curl -X POST https://axis-api-6c7z.onrender.com/v1/accounts \
  -H 'Content-Type: application/json' \
  -d '{"email":"you@example.com","name":"My Agent","tier":"free"}'

# 2. Analyze any public GitHub repo
curl -X POST https://axis-api-6c7z.onrender.com/v1/github/analyze \
  -H 'Content-Type: application/json' \
  -H 'Authorization: Bearer YOUR_API_KEY' \
  -d '{"url":"https://github.com/owner/repo","programs":["search","skills","debug"]}'

# 3. Download the generated artifacts as a ZIP
curl https://axis-api-6c7z.onrender.com/v1/projects/PROJECT_ID/export \
  -H 'Authorization: Bearer YOUR_API_KEY' -o artifacts.zip

Free tier includes: Search (context maps), Skills (AGENTS.md, CLAUDE.md, .cursorrules), Debug (playbooks, incident templates). Pro unlocks all 18 programs.

What you get

One scan → 102 artifacts across 18 programs, ready in seconds:

What you need	Program	Key outputs
Orient a new AI agent	Search (free)	`context-map.json`, `repo-profile.yaml`, `architecture-summary.md`
Give any LLM codebase context	Skills (free)	`AGENTS.md`, `CLAUDE.md`, `.cursorrules`, `workflow-pack.md`
Debug a production incident	Debug (free)	`debug-playbook.md`, `tracing-rules.md`, `root-cause-checklist.md`
Audit your UI	Frontend	`frontend-rules.md`, `ui-audit.md`, `component-guidelines.md`
Fix search ranking	SEO	`seo-rules.md`, `meta-tag-audit.json`, `schema-recommendations.json`
Cut LLM costs	Optimization	`optimization-rules.md`, `cost-estimate.json`, `token-budget-plan.md`
Ship a design system	Theme	`design-tokens.json`, `theme.css`, `dark-mode-tokens.json`
Unify your brand voice	Brand	`brand-guidelines.md`, `voice-and-tone.md`, `messaging-system.yaml`
Automate dev workflows	Superpowers	`superpower-pack.md`, `workflow-registry.json`, `automation-pipeline.yaml`
Launch a campaign	Marketing	`campaign-brief.md`, `funnel-map.md`, `ab-test-plan.md`
Build data/research tools	Notebook	`notebook-summary.md`, `research-threads.md`, `source-map.json`
Manage a knowledge vault	Obsidian	`obsidian-skill-pack.md`, `vault-rules.md`, `graph-prompt-map.json`
Connect AI tools (MCP)	MCP	`mcp-config.json`, `mcp-registry-metadata.json`, `protocol-spec.md`, `spec.types.ts`, `mcp/README.md`, `mcp/project-setup.md`, `mcp/build-artifacts.md`, `mcp/package-json.root.template.json`, `mcp/package-json.package.template.json`, `mcp/tsconfig.root.template.json`, `mcp/tsconfig.package.template.json`, `mcp/monorepo-structure.md`, `mcp/core-implementation-arti

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

90/100across 5 weighted dimensions

How we score →

0255075100

−10

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

20 fixed

CVE-2024-52011medium · fixedCVSS 4

launch-editor vulnerable to command injection via the crafted request on Windows

Affected: >= 0Fixed in 2.9.0source →

CVE-2026-39365medium · fixedCVSS 4

Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling

Affected: >= 8.0.0Fixed in 8.0.5source →

CVE-2026-39364medium · fixedCVSS 4

Vite: `server.fs.deny` bypassed with queries

Affected: >= 8.0.0Fixed in 8.0.5source →

CVE-2026-39363medium · fixedCVSS 4

Vite Vulnerable to Arbitrary File Read via Vite Dev Server WebSocket

Affected: >= 8.0.0Fixed in 8.0.5source →

CVE-2025-62522medium · fixedCVSS 4

vite allows server.fs.deny bypass via backslash on Windows

Affected: >= 7.1.0Fixed in 7.1.11source →

Inventory

Tools (6)

Click any tool to inspect its schema.

~269 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.lastmanupinc-hub/axis-toolbox safe to use?: io.github.lastmanupinc-hub/axis-toolbox has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.lastmanupinc-hub/axis-toolbox?: io.github.lastmanupinc-hub/axis-toolbox supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can io.github.lastmanupinc-hub/axis-toolbox do?: io.github.lastmanupinc-hub/axis-toolbox provides 6 tools: list_programs, search_and_discover_tools, discover_commerce_tools, discover_agentic_purchasing_needs, get_referral_code and 1 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with io.github.lastmanupinc-hub/axis-toolbox?: io.github.lastmanupinc-hub/axis-toolbox is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is io.github.lastmanupinc-hub/axis-toolbox actively maintained?: io.github.lastmanupinc-hub/axis-toolbox is actively maintained — last commit was 11 days ago.