Is a qweather mcp server safe to use?

a qweather mcp server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install a qweather mcp server?

a qweather mcp server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with a qweather mcp server?

a qweather mcp server is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse transport.

Is a qweather mcp server actively maintained?

a qweather mcp server is actively maintained — last commit was 19 days ago. It has 5 GitHub stars.

a qweather mcp server

@overstarry/qweather-mcp

5 0 tools GitHub npm

No known CVEs

No license

Actively maintained

Last commit 19d ago

Works with most clients

Transport: stdio, sse

0 tools

Grade F

Edit this pageView history

Maps & Geo

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "qweather": {
      "env": {
        "QWEATHER_API_KEY": "<your-api-key>",
        "QWEATHER_API_BASE": "<your-api-url>"
      },
      "args": [
        "-y",
        "qweather-mcp"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-overstarry-qweather-mcp)](https://mcppedia.org/s/io-github-overstarry-qweather-mcp)

Read me

What a qweather mcp server does

MCP server for QWeather API, providing comprehensive weather information query capabilities through Model Context Protocol (MCP).

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y '@overstarry/qweather-mcp' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

53/100across 5 weighted dimensions

How we score →

0255075100

−47

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked @overstarry/qweather-mcp against OSV.dev.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is a qweather mcp server safe to use?: a qweather mcp server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install a qweather mcp server?: a qweather mcp server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with a qweather mcp server?: a qweather mcp server is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse transport.
Is a qweather mcp server actively maintained?: a qweather mcp server is actively maintained — last commit was 19 days ago. It has 5 GitHub stars.

Similar servers

Others in maps

View all →

Tomtom Mcp90

A Model Context Protocol (MCP) server providing TomTom's location services, search, routing, and traffic data to AI agents.

46 1

io.github.srivastsh/bart-mcp90

Real-time BART departures, trip planning, fares, stations, and advisories.

io.github.vessel-api/vesselapi-mcp88

MCP server for the VesselAPI — maritime vessel tracking, port events, emissions, and navigation data

dev.forgesworn/rendezvous-mcp87

Fair meeting point discovery for AI agents with isochrone-based travel time fairness

MCP Security Weekly

Get CVE alerts and security updates for a qweather mcp server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Maps & Geo

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "qweather": {
      "env": {
        "QWEATHER_API_KEY": "<your-api-key>",
        "QWEATHER_API_BASE": "<your-api-url>"
      },
      "args": [
        "-y",
        "qweather-mcp"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-overstarry-qweather-mcp)](https://mcppedia.org/s/io-github-overstarry-qweather-mcp)

Read me

What a qweather mcp server does

MCP server for QWeather API, providing comprehensive weather information query capabilities through Model Context Protocol (MCP).

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y '@overstarry/qweather-mcp' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

qweather-mcp

English | 简体中文

MCP server for QWeather API, providing comprehensive weather information query capabilities through Model Context Protocol (MCP).

✨ Features

🌤️ Real-time weather queries
📅 Multi-day weather forecasts (3/7/10/15/30 days)
🔐 JWT (EdDSA/Ed25519) and legacy API Key authentication
🔌 Custom API base URL support
🛠️ Complete tool integration

📦 Installation

Via Smithery

Recommended: Install automatically for Claude Desktop using Smithery:

npx -y @smithery/cli install @overstarry/qweather-mcp --client claude

Manual Configuration

First, get your credentials from the QWeather Console.
Start the server:

# stdio server
npx -y qweather-mcp

Configure environment variables (pick one of the two auth modes below).

🔐 JWT Authentication (recommended)

QWeather has announced that API Key authentication will be deprecated in 2027 and recommends migrating to JWT (EdDSA + Ed25519). Generate an Ed25519 key pair, upload the public key to the QWeather console, and configure:

QWEATHER_API_BASE=https://<your-host>.qweatherapi.com
QWEATHER_PROJECT_ID=<project-id>
QWEATHER_KEY_ID=<credential-id>
# Either pass the PEM path…
QWEATHER_PRIVATE_KEY_PATH=/path/to/ed25519-private.pem
# …or the PEM content directly (newlines preserved)
# QWEATHER_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----"

If both QWEATHER_PRIVATE_KEY_PATH and QWEATHER_PRIVATE_KEY are provided, the path takes precedence. For QWEATHER_PRIVATE_KEY, the literal two-character sequence \n is auto-converted to real newlines, so the single-line form above works in shells, .env files, and JSON configs.

JSON config example:

{
  "mcpServers": {
    "qweather": {
      "command": "npx",
      "args": ["-y", "qweather-mcp"],
      "env": {
        "QWEATHER_API_BASE": "https://<your-host>.qweatherapi.com",
        "QWEATHER_PROJECT_ID": "<project-id>",
        "QWEATHER_KEY_ID": "<credential-id>",
        "QWEATHER_PRIVATE_KEY_PATH": "/path/to/ed25519-private.pem"
      }
    }
  }
}

JWT details: tokens are signed with alg=EdDSA, iat is back-dated 30s to tolerate clock skew, exp = iat + 900s (15 min, well under QWeather's 24h cap), and tokens are cached and reused until ~30s before expiry. See the official authentication docs.

🔑 API Key Authentication (legacy)

QWEATHER_API_BASE=https://api.qweather.com
QWEATHER_API_KEY=<your-api-key>

JSON config example:

{
  "mcpServers": {
    "qweather": {
      "command": "npx",
      "args": ["-y", "qweather-mcp"],
      "env": {
        "QWEATHER_API_BASE": "<your-api-url>",
        "QWEATHER_API_KEY": "<your-api-key>"
      }
    }
  }
}

Mode detection

Env vars present	Mode
Full JWT vars (`QWEATHER_PROJECT_ID` + `QWEATHER_KEY_ID` + `QWEATHER_PRIVATE_KEY[_PATH]`)	JWT (wins even if `QWEATHER_API_KEY` is also set)
Full JWT vars + `QWEATHER_API_KEY`	JWT (API Key is ignored)
Partial JWT vars + `QWEATHER_API_KEY`	API Key, with a startup warning to stderr
Partial JWT vars only	startup error
`QWEATHER_API_KEY` only	API Key
neither	startup error

The active mode is logged to stderr at startup, e.g. Weather MCP Server running on stdio (auth: JWT/EdDSA).

🛠️ Available Tools

get-weather-now

Get cur

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

53/100across 5 weighted dimensions

How we score →

0255075100

−47

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked @overstarry/qweather-mcp against OSV.dev.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is a qweather mcp server safe to use?: a qweather mcp server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install a qweather mcp server?: a qweather mcp server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with a qweather mcp server?: a qweather mcp server is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse transport.
Is a qweather mcp server actively maintained?: a qweather mcp server is actively maintained — last commit was 19 days ago. It has 5 GitHub stars.