io.github.ooples/token-optimizer-mcp

Intelligent token optimization achieving 95%+ reduction through caching, compression, and 80+ tools

ActiveNot tested

★ 42↓ 2397.3k/wknpm GitHub

53No CVEsactive

Quick Install

{
  "mcpServers": {
    "io-github-ooples-token-optimizer-mcp": {
      "args": [
        "-y",
        "semantic-release"
      ],
      "command": "npx"
    }
  }
}

Setup guide

Should you use this server?

Intelligent token optimization achieving 95%+ reduction through caching, compression, and 80+ tools

✓

Is it safe?

No known CVEs for semantic-release. 2 previously resolved.

No authentication — any process on your machine can connect.

License not specified.

✓

Is it maintained?

Last commit 5 days ago. 42 stars. 2,397,260 weekly downloads.

Will it work with my client?

Transport: stdio. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y 'semantic-release' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Score Breakdown

MCPpedia Score

Click each category to see evidence

53C

Last scored 12h ago

How we score →

Security

19/30

No open vulnerabilities. 2 fixed CVEs.

✓

Known CVEs — No known CVEs for semantic-releasecheck OSV.dev

○

Tool safety — No tools to analyze

○

Advisories (0 open, 2 fixed)

lowCVSS 3.1CVE-2022-31051Fixed

Exposure of Sensitive Information to an Unauthorized Actor in semantic-release

### Impact _What kind of vulnerability is it? Who is impacted?_ Secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that are excluded from uri encoding by [encodeURI](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURI). Occurrence is further limited to execution contexts where push access to the related repository is not available without modifying the repository url to inject credentials. ##

Affected: >= 17.0.4Fixed in 19.0.3Published Jun 9, 2022source \u2192

lowCVSS 3.1CVE-2020-26226Fixed

Secret disclosure when containing characters that become URI encoded

### Impact Secrets that would normally be masked by `semantic-release` can be accidentally disclosed if they contain characters that become encoded when included in a URL. ### Patches Fixed in v17.2.3 ### Workarounds Secrets that do not contain characters that become encoded when included in a URL are already masked properly.

Affected: >= 0Fixed in 17.2.3Published Nov 18, 2020source \u2192