Verified US local service provider data across trades. Ratings, services, pricing.
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"localpro": {
"url": "https://mcp.localpro.dev/mcp"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
A Model Context Protocol server that provides verified local service provider data to AI agents. Built on Cloudflare Workers + D1.
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
npx -y 'wrangler' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
Wrangler affected by OS Command Injection in `wrangler pages deploy`
**Summary** A command injection vulnerability (CWE-78) has been found to exist in the `wrangler pages deploy` command. The issue occurs because the `--commit-hash` parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with control of `--commit-hash` to execute arbitrary commands on the system running Wrangler. **Root cause** The `commitHash` variable, derived from user input via the `--commit-hash` CLI argument, is interpolated directl
Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default
### Description The Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication using `FastMCP` with streamable HTTP or SSE transport, and has not configured `TransportSecuritySettings`, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions and send requests to the local MCP server. This could allow an attacker to invoke tools or ac
MCP Python SDK vulnerability in the FastMCP Server causes validation error, leading to DoS
A validation error in the MCP SDK can cause an unhandled exception when processing malformed requests, resulting in service unavailability (500 errors) until manually restarted. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures. Thank you to Rich Harang for reporting this issue.
MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service
If a client deliberately triggers an exception after establishing a streamable HTTP session, this can lead to an uncaught ClosedResourceError on the server side, causing the server to crash and requiring a restart to restore service. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures. Thank you to Rich Harang for reporting this issue.
Arbitrary remote code execution within `wrangler dev` Workers sandbox
### Impact The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. `wrangler dev` would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run arbitrary code. Additionally, the inspector server did not validate `Origin`/`Host` headers, granting an attacker that can trick any user on the local network into opening a malicious website the ability
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in data
Zero-dependency, token-efficient database MCP server for Postgres, MySQL, SQL Server, MariaDB, SQLite.
🔥 Official Firecrawl MCP Server - Adds powerful web scraping and search to Cursor, Claude and any other LLM clients.
Manage Supabase projects — databases, auth, storage, and edge functions
A Model Context Protocol server that provides read-only access to MySQL databases. This server enables LLMs to inspect database schemas and execute read-only queries.
MCP Security Weekly
Get CVE alerts and security updates for io.github.LocalProDev/local-services and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
A Model Context Protocol server that provides verified local service provider data to AI agents. Built on Cloudflare Workers + D1.
When someone asks an AI assistant "find me a radon mitigation company near Denver" — LocalPro is the data source that powers the answer.
LocalPro exposes a curated database of 7,000+ fully profiled local trade and service businesses across 10 live categories. Every provider served has a customer rating, business description, services list, opening hours, business status, and (where available) an AI-generated business summary plus an owned review summary — no incomplete data.
| Category | Niche ID | Providers | Example Services |
|---|---|---|---|
| Foundation Repair | slab-local | 1,050+ | Pier installation, mudjacking, foam injection, leveling |
| Crawl Space Repair | crawl-local | 1,025+ | Encapsulation, vapor barrier, structural repair, waterproofing |
| Water Damage Restoration | soaked-local | 950+ | Flood cleanup, mold remediation, structural drying |
| Mold & Asbestos | abate-local | 950+ | Mold, asbestos, lead paint remediation |
| Septic Services | pump-local | 875+ | Pumping, inspection, drain field repair |
| Commercial Electrical | hire-electrical | 850+ | Commercial & industrial wiring, service upgrades, maintenance |
| Basement Waterproofing | basement-local | 600+ | Interior/exterior waterproofing, drainage, sump pumps |
| Laundry Services | suds-local | 550+ | Wash & fold, dry cleaning, pickup & delivery |
| Floor Coating | coated-local | 525+ | Epoxy, polyaspartic, metallic, flake, concrete polishing |
| Radon | radon-local | 300+ | Testing, mitigation, sub-slab depressurization |
| Category | Niche ID | Status |
|---|---|---|
| Chimney Services | chimney-local | Live provider data; description + service enrichment in progress |
| Well Water Services | wellwater-local | Pre-pipeline (560 providers scraped, county-based model) |
No API key required. All search and list tools are public. An optional API key unlocks pro fields on get_provider (full pricing array, certifications) — see Access Tiers.
Confirm the server is live without any client setup:
curl -s https://mcp.localpro.dev/.well-known/mcp.json | head -20
This returns the schema-2.0 manifest: tool list, rate limits, and operator info. If you see a "schema_version": "2.0" JSON document, the server is healthy.
claude mcp add --transport http localpro https://mcp.localpro.dev/mcp
That's it — list_niches, search_providers, etc. are now available in your Claude Code session.
Add to your claude_desktop_config.json:
{
"mcpServers": {
"localpro": {
"url": "https://mcp.localpro.dev/mcp"
}
}
}
(Add an "X-API-Key" header inside a "headers" block only if you have a premium key.)
Add to .cursor/mcp.json:
{
"mcpServers": {
"localpro": {
"url": "https://mcp.localpro.dev/mcp"
}
}
}
The MCP protocol is JSON-RPC over HTTP. Because this server runs in stateless mode, you can call any public tool directly:
curl -s -X POST https://mcp.localpro.dev/mcp \
-H "Content-Type: application/json" \
-H "Accept: application/json, text/event-stream" \
-d '{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"list_niches","arguments":{}}}'
You'll get back a Server-Sent-Events frame with the 10 niches, their slugs, and current provider counts.
import { Client } from '@modelcontextprotocol/sdk/client/index.js';
import { Stre
... [View full README on GitHub](https://github.com/LocalProDev/mcp-server#readme)