Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"sevalla": {
"url": "https://mcp.sevalla.com/mcp"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
Give AI agents full access to the Sevalla PaaS API. Just 2 tools.
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
npx -y 'pnpm' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
pnpm: Path traversal in configDependencies env lockfile allows symlink creation outside node_modules/.pnpm-config
## Summary `pnpm` accepts package names from the env lockfile `configDependencies` section and uses those names directly when creating config dependency symlinks under `node_modules/.pnpm-config`. A malicious repository can commit a crafted `pnpm-lock.yaml` whose env-lockfile document contains a traversal-shaped config dependency name such as `../../PWNED_CFGDEP`. During `pnpm install`, pnpm installs the config dependency and creates a symlink at a path derived from that name. In local testin
pnpm: `patch-remove` could delete project-selected files outside the patches directory
## Summary The `patch-remove` deletion-scope issue tracked as GHSA-72r4-9c5j-mj57 / CAND-PNPM-030 has been addressed in pnpm. A crafted patch entry could resolve outside the configured patches directory and cause `pnpm patch-remove` to delete an arbitrary reachable file. This patch validates the configured directory and every resolved target before unlinking anything, then deletes the final directory entry without following it. ## Security boundary - Traversal and absolute paths that resolve
pnpm: Hoisted install imports lockfile alias outside node_modules
## Summary The hoisted dependency alias issue tracked as GHSA-fr4h-3cph-29xv / CAND-PNPM-059 has been addressed in both pnpm and pacquet. A crafted lockfile alias could be joined directly under a hoisted `node_modules` directory. Traversal aliases could escape that directory, while reserved aliases such as `.bin` or `.pnpm` could overwrite pnpm-owned layout. This patch validates package-name semantics and path containment before graph insertion or filesystem work. ## Security boundary - The
pnpm: `stage download` writes outside its destination directory via manifest name/version traversal
## Summary The staged-tarball filename traversal reported as GHSA-v23m-ccfg-pq9h / CAND-PNPM-038 is fixed on `main` by [pnpm/pnpm#12303](https://github.com/pnpm/pnpm/pull/12303), merged as `65443f4bdf1f0db9c8c7dc58fee25252607e9234`. Before the fix, `pnpm stage download` derived a local filename from registry-controlled package name and version fields. A crafted manifest could escape the selected download directory and overwrite another reachable file. The merged fix validates both fields, deri
pnpm: Reserved bin name deletes PNPM_HOME during global remove
<details> <summary>Maintainer Action Plan</summary> ## Maintainer Action Plan This report is ready to review with the shared patch branch. Start with the PR and the expected fixed behavior, then use the detailed exploit narrative below only if you want to replay the original path. - Advisory: `CAND-PNPM-085` / `GHSA-4gxm-v5v7-fqc4` - Advisory URL: https://github.com/pnpm/pnpm/security/advisories/GHSA-4gxm-v5v7-fqc4 - Shared patch PR: https://github.com/pnpm/pnpm-ghsa-j2hc-m6cf-6jm8/pull/1 - S
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in cloud
⚡ A Simple / Speedy / Secure Link Shortener with Analytics, 100% run on Cloudflare.
MCP Server for GCP environment for interacting with various Observability APIs.
MCP Server for kubernetes management commands
MCP server for Hostinger API
MCP Security Weekly
Get CVE alerts and security updates for io.github.sevalla-hosting/mcp and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
A remote Model Context Protocol server that exposes the entire Sevalla PaaS API through just 2 tools instead of ~200. AI agents write JavaScript that runs in sandboxed V8 isolates to discover and call any API endpoint on demand.
search - query the OpenAPI spec to discover endpoints, parameters, and schemasexecute - run JavaScript in a sandboxed V8 isolate that calls the API via sevalla.request()This reduces context window usage by ~99% compared to traditional one-tool-per-endpoint approaches.
Cloudflare came up with the Code Mode MCP pattern: instead of registering one tool per API endpoint, you give the agent two tools. One to search the API spec, one to execute code against it. Simple idea, massive difference in practice.
As a Cloudflare partner, we took this pattern and built it for the Sevalla PaaS API. The sandbox architecture and tool design are inspired by codemode, an open-source implementation of the same pattern.
Any MCP client can now manage Sevalla infrastructure through conversation. The AI writes and runs API calls in a secure V8 sandbox. No SDK needed, no boilerplate, no 200-tool context window.
Connect your MCP client to the hosted server at https://mcp.sevalla.com/mcp. Authentication is handled via OAuth — your client will open a browser to log in with your Sevalla account. No API keys needed in the config.
claude mcp add --transport http sevalla https://mcp.sevalla.com/mcp
Then type /mcp inside Claude Code and select Authenticate to complete the OAuth flow.
Add via Settings → Connectors → Add Connector and enter https://mcp.sevalla.com/mcp as the URL. Claude Desktop handles OAuth automatically.
Add to .cursor/mcp.json in your project root:
{
"mcpServers": {
"sevalla": {
"url": "https://mcp.sevalla.com/mcp"
}
}
}
Add to ~/.codeium/windsurf/mcp_config.json:
{
"mcpServers": {
"sevalla": {
"serverUrl": "https://mcp.sevalla.com/mcp"
}
}
}
Add to opencode.json in your project root:
{
"$schema": "https://opencode.ai/config.json",
"mcp": {
"sevalla": {
"type": "remote",
"url": "https://mcp.sevalla.com/mcp"
}
}
}
Then run opencode mcp auth sevalla to complete the OAuth flow.
Sevalla API keys support granular permissions — you can create a read-only key if you want your agent to query infrastructure without modifying it. Full API reference at api-docs.sevalla.com (base URL: api.sevalla.com/v3).
To fully r