Is io.github.rsdouglas/janee safe to use?

io.github.rsdouglas/janee has no known CVEs as of the latest MCPpedia security scan. It requires authentication to connect, which limits unauthorized access.

How do I install io.github.rsdouglas/janee?

io.github.rsdouglas/janee supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What can io.github.rsdouglas/janee do?

io.github.rsdouglas/janee provides 2 tools: execute, janee_exec. See the full tools list on the server page for descriptions and parameters.

What AI clients work with io.github.rsdouglas/janee?

io.github.rsdouglas/janee is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is io.github.rsdouglas/janee actively maintained?

io.github.rsdouglas/janee is recently maintained — last commit was 73 days ago. It has 28 GitHub stars.

io.github.rsdouglas/janee

@true-and-useful/create-gh-app

Secure secrets proxy for AI agents — manages API keys so agents never see raw credentials.

28 5/wk 2 tools GitHub npm

No known CVEs

No license

Maintained

Last commit 73d ago

Works with most clients

Transport: stdio, sse, http

2 tools · ~321 tok

Grade A · 0.2% of 200K ctx

Edit this pageView history

AI / ML Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-rsdouglas-janee": {
      "args": [
        "-y",
        "@true-and-useful/create-gh-app"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-rsdouglas-janee)](https://mcppedia.org/s/io-github-rsdouglas-janee)

Read me

What io.github.rsdouglas/janee does

Your AI agents need API access to be useful. But they shouldn't have your raw API keys. > Janee sits between your agents and your APIs — injecting credentials, enforcing policies, and logging everything.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y '@true-and-useful/create-gh-app' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

82/100across 5 weighted dimensions

How we score →

0255075100

−18

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked @true-and-useful/create-gh-app against OSV.dev.

Inventory

Tools (2)

Click any tool to inspect its schema.

~321 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.rsdouglas/janee safe to use?: io.github.rsdouglas/janee has no known CVEs as of the latest MCPpedia security scan. It requires authentication to connect, which limits unauthorized access.
How do I install io.github.rsdouglas/janee?: io.github.rsdouglas/janee supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can io.github.rsdouglas/janee do?: io.github.rsdouglas/janee provides 2 tools: execute, janee_exec. See the full tools list on the server page for descriptions and parameters.
What AI clients work with io.github.rsdouglas/janee?: io.github.rsdouglas/janee is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is io.github.rsdouglas/janee actively maintained?: io.github.rsdouglas/janee is recently maintained — last commit was 73 days ago. It has 28 GitHub stars.

Similar servers

Others in ai-ml / security

View all →

Memory MCP Server98

Persistent memory using a knowledge graph

86.4k 5

Sequential Thinking MCP Server98

Dynamic problem-solving through sequential thought chains

86.4k 1

Antigravity Workspace Template96

Workspace template + MCP server for Claude Code, Codex CLI, Cursor & Windsurf. Multi-agent knowledge engine (ag-refresh / ag-ask) that turns any codebase into a queryable AI assistant.

1.2k 2

Context Mode95

Privacy-first. MCP is the protocol for tool access. We're the virtualization layer for context.

16.0k 6

MCP Security Weekly

Get CVE alerts and security updates for io.github.rsdouglas/janee and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

AI / ML Security

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-rsdouglas-janee": {
      "args": [
        "-y",
        "@true-and-useful/create-gh-app"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-rsdouglas-janee)](https://mcppedia.org/s/io-github-rsdouglas-janee)

Read me

What io.github.rsdouglas/janee does

Your AI agents need API access to be useful. But they shouldn't have your raw API keys. > Janee sits between your agents and your APIs — injecting credentials, enforcing policies, and logging everything.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y '@true-and-useful/create-gh-app' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

Janee 🔐

Secrets management for AI agents via MCP

Your AI agents need API access to be useful. But they shouldn't have your raw API keys. Janee sits between your agents and your APIs — injecting credentials, enforcing policies, and logging everything.

✨ Features


🔒 Zero-knowledge agents	Agents call APIs without ever seeing keys
📋 Full audit trail	Every request logged with timestamp, method, path, status
🛡️ Request policies	Allow/deny rules per capability (e.g., read-only Stripe)
⏱️ Session TTLs	Time-limited access with instant revocation
🔌 Works with any MCP client	Claude Desktop, Cursor, OpenClaw, and more
🏠 Local-first	Keys encrypted on your machine, never sent to a cloud
🖥️ Exec mode	Run CLI tools with injected credentials — agents never see the keys
🤖 GitHub App auth	Short-lived tokens for autonomous agents — no static PATs
🐦 Twitter/X OAuth 1.0a	Per-request OAuth signing — 4 secrets stay encrypted
☁️ AWS SigV4	Sign AWS API requests server-side — SES, S3, and more
🔧 Automatic git auth	`git push/pull` just works when credentials include GitHub tokens

The Problem

AI agents need API access to be useful. The current approach is to give them your keys and hope they behave.

🔓 Agents have full access to Stripe, Gmail, databases
📊 No audit trail of what was accessed or why
🚫 No kill switch when things go wrong
💉 One prompt injection away from disaster

The Solution

Janee is an MCP server that manages API secrets for AI agents:

Store your API keys — encrypted locally in ~/.janee/
Run janee serve — starts MCP server
Agent requests access — via execute MCP tool
Janee injects the real key — agent never sees it
Everything is logged — full audit trail

Your keys stay on your machine. Agents never see them. You stay in control.

Configure Once, Use Everywhere

Set up your APIs in Janee once:

services:
  stripe:
    baseUrl: https://api.stripe.com
    auth: { type: bearer, key: sk_live_xxx }
  github:
    baseUrl: https://api.github.com
    auth: { type: bearer, key: ghp_xxx }
  openai:
    baseUrl: https://api.openai.com
    auth: { type: bearer, key: sk-xxx }

Now every agent that connects to Janee can use them:

Claude Desktop — access your APIs
Cursor — access your APIs
OpenClaw — access your APIs
Any MCP client — access your APIs

No more copying keys between tools. No more "which agent has which API configured?" Add a new agent? It already has access to everything. Revoke a key? Update it once in Janee.

One config. Every agent. Full audit trail.

Quick Start

Install

npm install -g @true-and-useful/janee

Initialize

janee init

This creates ~/.janee/config.yaml with example services.

Add Services

Option 1: Interactive (recommended for first-time users)

janee add

Janee will guide you through adding a service:

Service name: stripe
Base URL: https://api.stripe.com
Auth type: bearer
API key: sk_live_xxx

✓ Added service "stripe"

Create a capability for this service? (Y/n): y
Capability name (default: stripe): 
TTL (e.g., 1h, 30m): 1h
Auto-approve? (Y/n): y

✓ Added capability "stripe"

Done! Run 'janee serve' to start.

Using an AI agent? See [Non-interactive

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

82/100across 5 weighted dimensions

How we score →

0255075100

−18

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked @true-and-useful/create-gh-app against OSV.dev.

Inventory

Tools (2)

Click any tool to inspect its schema.

~321 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.rsdouglas/janee safe to use?: io.github.rsdouglas/janee has no known CVEs as of the latest MCPpedia security scan. It requires authentication to connect, which limits unauthorized access.
How do I install io.github.rsdouglas/janee?: io.github.rsdouglas/janee supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can io.github.rsdouglas/janee do?: io.github.rsdouglas/janee provides 2 tools: execute, janee_exec. See the full tools list on the server page for descriptions and parameters.
What AI clients work with io.github.rsdouglas/janee?: io.github.rsdouglas/janee is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is io.github.rsdouglas/janee actively maintained?: io.github.rsdouglas/janee is recently maintained — last commit was 73 days ago. It has 28 GitHub stars.

Similar servers

Others in ai-ml / security

View all →

Memory MCP Server98

Persistent memory using a knowledge graph

86.4k 5

Sequential Thinking MCP Server98

Dynamic problem-solving through sequential thought chains

86.4k 1

Antigravity Workspace Template96

Workspace template + MCP server for Claude Code, Codex CLI, Cursor & Windsurf. Multi-agent knowledge engine (ag-refresh / ag-ask) that turns any codebase into a queryable AI assistant.

1.2k 2

Context Mode95

Privacy-first. MCP is the protocol for tool access. We're the virtualization layer for context.

16.0k 6

MCP Security Weekly

Get CVE alerts and security updates for io.github.rsdouglas/janee and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?