io.github.matbanik/pomera

pomera-ai-commander

Desktop text workbench + MCP server: 22+ text processing tools for AI assistants

2 46/wk 0 tools GitHub npm PyPI

No known CVEs

No license

Actively maintained

Last commit 3d ago

Works with most clients

Transport: stdio, http

0 tools

Grade F

Edit this pageView history

Writing Developer Tools

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "pomera": {
      "command": "pomera-ai-commander",
      "timeout": 3600
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-matbanik-pomera)](https://mcppedia.org/s/io-github-matbanik-pomera)

Read me

What io.github.matbanik/pomera does

A desktop text "workbench" + MCP server: clean, transform, extract, and analyze text fast—manually in a GUI or programmatically from AI assistants (Cursor / Claude Desktop / MCP clients).

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y 'pomera-ai-commander' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

56/100across 5 weighted dimensions

How we score →

0255075100

−44

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

8 fixed

CVE-2026-25645low · fixedCVSS 3.1

Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function

### Impact The `requests.utils.extract_zipped_paths()` utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker with write access to the temp directory could pre-create a malicious file that would be loaded in place of the legitimate one. ### Affected usages **Standard usage of the Requests library is not affected by this vulnerability.** Only app

Affected: >= 0Fixed in 2.33.0source →

CVE-2024-47081low · fixedCVSS 3.1

Requests vulnerable to .netrc credentials leak via malicious URLs

### Impact Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. ### Workarounds For older versions of Requests, use of the .netrc file can be disabled with `trust_env=False` on your Requests Session ([docs](https://requests.readthedocs.io/en/latest/api/#requests.Session.trust_env)). ### References https://github.com/psf/requests/pull/6965 https://seclists.org/fulldisclosure/2025/Jun/2

Affected: >= 0Fixed in 2.32.4source →

CVE-2024-35195low · fixedCVSS 3.1

Requests `Session` object does not verify requests after making first request with verify=False

When using a `requests.Session`, if the first request to a given origin is made with `verify=False`, TLS certificate verification may remain disabled for all subsequent requests to that origin, even if `verify=True` is explicitly specified later. This occurs because the underlying connection is reused from the session's connection pool, causing the initial TLS verification setting to persist for the lifetime of the pooled connection. As a result, applications may unintentionally send requests w

Affected: >= 0Fixed in 2.32.0source →

CVE-2023-32681info · fixed

PYSEC-2023-74

Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header

Affected: >= 0Fixed in 74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5source →

CVE-2018-18074info · fixed

PYSEC-2018-28

The Requests package before 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote attackers to discover credentials by sniffing the network.

Affected: >= 0Fixed in c45d7c49ea75133e52ab22a8e9e13173938e36ffsource →

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.matbanik/pomera safe to use?: io.github.matbanik/pomera has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.matbanik/pomera?: io.github.matbanik/pomera supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with io.github.matbanik/pomera?: io.github.matbanik/pomera is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.
Is io.github.matbanik/pomera actively maintained?: io.github.matbanik/pomera is actively maintained — last commit was 3 days ago. It has 2 GitHub stars.

Similar servers

Others in writing / developer-tools

View all →

XcodeBuildMCP97

A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.

5.8k 2

XcodeBuildMCP97

XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.

5.8k 1

Mcp_agent_mail96

Asynchronous coordination layer for AI coding agents: identities, inboxes, searchable threads, and advisory file leases over FastMCP + Git + SQLite

2.0k 6

Figma Console Mcp96

MCP server for accessing Figma plugin console logs and screenshots via Cloudflare Workers or local mode

1.7k 2

MCP Security Weekly

Get CVE alerts and security updates for io.github.matbanik/pomera and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Frequently Asked Questions

Is io.github.matbanik/pomera safe to use?

io.github.matbanik/pomera has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.matbanik/pomera?

io.github.matbanik/pomera supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with io.github.matbanik/pomera?

io.github.matbanik/pomera is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.

Is io.github.matbanik/pomera actively maintained?

io.github.matbanik/pomera is actively maintained — last commit was 3 days ago. It has 2 GitHub stars.