Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"memora": {
"args": [
"-y",
"@servation/memora-mcp",
"--stdio"
],
"command": "npx"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
Turn any conversation into an interactive study session, right inside Claude Desktop. Ask Claude to make a deck and it generates the cards, then renders them as an inline review you can click through: flip flashcards, answer multiple-choice quizzes, and fill in cloze blanks. Every answer updates a spaced-repetition schedule, and your results flow back to Claude so it can drill what you missed.
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
npx -y 'npm' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
Packing does not respect root-level ignore files in workspaces
### Impact `npm pack` ignores root-level `.gitignore` & `.npmignore` file exclusion directives when run in a workspace or with a workspace flag (ie. `--workspaces`, `--workspace=<name>`). Anyone who has run `npm pack` or `npm publish` with workspaces, as of [v7.9.0](https://github.com/npm/cli/releases/tag/v7.9.0) & [v7.13.0](https://github.com/npm/cli/releases/tag/v7.13.0) respectively, may be affected and have published files into the npm registry they did not intend to include. ### Patch - Up
Incorrect Permission Assignment for Critical Resource in NPM
An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's blog without mention of pre-release status). It might allow local users to bypass intended filesystem access restrictions because ownerships of /etc and /usr directories are being changed unexpectedly, related to a "correctMkdir" issue.
Local Privilege Escalation in npm
Affected versions of `npm` use predictable temporary file names during archive unpacking. If an attacker can create a symbolic link at the location of one of these temporary file names, the attacker can arbitrarily write to any file that the user which owns the `npm` process has permission to write to, potentially resulting in local privilege escalation. ## Recommendation Update to version 1.3.3 or later.
npm CLI exposing sensitive information through logs
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like `<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>`. The password value is not redacted and is printed to stdout and also to any generated log files.
npm Vulnerable to Global node_modules Binary Overwrite
Versions of the npm CLI prior to 6.13.4 are vulnerable to a Global node_modules Binary Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a `serve` binary, any subsequent installs of packages that also create a `serve` binary would overwrite the first binary. This will not overwrite system binaries but only binaries put into the global node_modules directory. This b
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in education
ARIS ⚔️ (Auto-Research-In-Sleep) — Lightweight Markdown-only skills for autonomous ML research: cross-model review loops, idea discovery, and experiment automation. No framework, no lock-in — works with Claude Code, Codex, OpenClaw, or any LLM agent.
MCP server for NotebookLM - Let your AI agents (Claude Code, Codex) research documentation directly with grounded, citation-backed answers from Gemini. Persistent auth, library management, cross-client sharing. Zero hallucinations, just your knowledge base.
A Model Context Protocol server for searching and analyzing arXiv papers
Search scientific papers with structured experimental data from full-text studies
MCP Security Weekly
Get CVE alerts and security updates for io.github.Servation/memora-mcp and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
Turn any conversation into an interactive study session, right inside Claude Desktop. Ask Claude to make a deck and it generates the cards, then renders them as an inline review you can click through: flip flashcards, answer multiple-choice quizzes, and fill in cloze blanks. Every answer updates a spaced-repetition schedule, and your results flow back to Claude so it can drill what you missed.
Keywords: Model Context Protocol, MCP server, MCP Apps, Claude Desktop, flashcards, quizzes, spaced repetition, SRS, FSRS, Anki alternative.
Built on the MCP Apps extension (SEP-1865): core MCP spec 2025-11-25 plus the Apps extension 2026-01-26.
Three ways to study, all rendered inline and all graded the same way:
[...] in a card front and it becomes a cloze card automatically.Spaced repetition: every grade updates a per-card FSRS schedule (via ts-fsrs), so weak cards resurface sooner and due cards come first. Ask "what's due today?" for a summary across all your decks.
Organize with categories: name decks with :: to nest them (e.g. LLM::Attention). Browse the category tree, or the same tree as an interactive mind map, and study a whole branch in one merged session. Quiz decks are flagged with a badge.
Manage your decks: create, append to, edit, rename, and delete decks and cards without leaving the chat. Pass reverse when creating a deck to also drill each card back-to-front (handy for vocabulary).
Just JSON: decks live in data/decks.json, read live on every call. Hand-edit them or let Claude build them. No database, no external service.
| Tool | What it does |
|---|---|
review_deck | Open one deck for review (due cards first). |
study | Review a whole category subtree, merged into one session. |
create_deck | Generate flashcards or cloze cards; reverse also adds back-to-front cards. |
create_quiz | Generate multiple-choice questions. |
grade_card | Record a review result and update the card's FSRS schedule (called by the UI). |
due_today | Summarize what is due across all decks. |
edit_card | Change a card's front and/or back. |
rename_deck | Rename a deck (also moves it in the category tree). |
delete_card | Remove a single card. |
delete_deck | Remove a whole deck. |
Card generation follows Memora's quality rules (atomic single-concept cards, 1-5 word answers, active recall, unambiguous), based on Wozniak's 20 Rules of Formulating Knowledge.
A tool declares a ui:// resource. When Claude calls the tool, the host (Claude Desktop) fetches that resource, renders its HTML in a sandboxed iframe, passes the tool result to the UI, and the UI talks back to the host over JSON-RPC (to grade cards and report progress to the model).
Open **Settings > Developer > Edit Config