Is io.github.sp0oby/zkshare safe to use?

io.github.sp0oby/zkshare has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install io.github.sp0oby/zkshare?

io.github.sp0oby/zkshare supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with io.github.sp0oby/zkshare?

io.github.sp0oby/zkshare is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is io.github.sp0oby/zkshare actively maintained?

io.github.sp0oby/zkshare is recently maintained — last commit was 30 days ago.

io.github.sp0oby/zkshare

zkshare-mcp

ZKshare stdio MCP: store/prove/share, semantic search, sandbox proxy to HTTPS /api/v1/context.

14/wk 0 tools GitHub npm

No known CVEs

No license

Maintained

Last commit 30d ago

Works with most clients

Transport: stdio, sse, http

0 tools

Grade F

Edit this pageView history

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-sp0oby-zkshare": {
      "args": [
        "-y",
        "zkshare-mcp"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-sp0oby-zkshare)](https://mcppedia.org/s/io-github-sp0oby-zkshare)

Read me

What io.github.sp0oby/zkshare does

ZKshare stdio MCP: store/prove/share, semantic search, sandbox proxy to HTTPS /api/v1/context.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y 'zkshare-mcp' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

52/100across 5 weighted dimensions

How we score →

0255075100

−48

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked zkshare-mcp against OSV.dev.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.sp0oby/zkshare safe to use?: io.github.sp0oby/zkshare has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.sp0oby/zkshare?: io.github.sp0oby/zkshare supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with io.github.sp0oby/zkshare?: io.github.sp0oby/zkshare is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is io.github.sp0oby/zkshare actively maintained?: io.github.sp0oby/zkshare is recently maintained — last commit was 30 days ago.

Similar servers

Others in search

View all →

Brave Search MCP Server98

Web and local search using Brave Search API

86.5k 2

Tavily Mcp96

Production ready MCP server with real-time search, extract, map & crawl.

2.0k 4

Qmd95

mini cli search engine for your docs, knowledge bases, meeting notes, whatever. Tracking current sota approaches while being all local

25.8k 4

Firecrawl Mcp95

MCP server for Firecrawl — search, scrape, and interact with the web. Supports both cloud and self-hosted instances. Features include web search, scraping, page interaction, batch processing, and LLM-powered content analysis.

6.4k 5

MCP Security Weekly

Get CVE alerts and security updates for io.github.sp0oby/zkshare and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "io-github-sp0oby-zkshare": {
      "args": [
        "-y",
        "zkshare-mcp"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/io-github-sp0oby-zkshare)](https://mcppedia.org/s/io-github-sp0oby-zkshare)

Read me

What io.github.sp0oby/zkshare does

ZKshare stdio MCP: store/prove/share, semantic search, sandbox proxy to HTTPS /api/v1/context.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y 'zkshare-mcp' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

zkShare

Privacy-oriented context API for users, AI agents, and back-office systems. A single HTTP entrypoint (POST /api/v1/context) handles encrypted fact storage, commitment-based proof envelopes, semantic search over encrypted data, end-to-end-encrypted (client-sealed) facts, and a isolated sandbox execution for sensitive computations. The implementation is a Next.js (App Router) application backed by PostgreSQL with pgvector.

This document is for developers integrating against the API and operators self-hosting the service. It is not a marketing brochure — pricing tiers, dashboards, and billing are optional layers defined separately in the application code.

Privacy and security model

The platform is designed around three trust boundaries:

Boundary	What the operator can see	What stays private
Server-sealed store	Ciphertext, IV, auth tag, commitment, embedding vector. The server holds the AES-256-GCM key (`ZKSHARE_ENCRYPTION_SECRET`) and decrypts in memory only when the caller invokes `prove`, `share`, or `search` summaries.	Database operators (without the encryption secret) and direct table readers (RLS denies `anon` and `authenticated`) cannot read plaintext.
Client-sealed (E2EE) store	Opaque ciphertext blobs, IV, auth tag, commitment, and a caller-supplied embedding vector. The server never receives or derives plaintext, and never calls an embedding model on the fact.	The platform operator. Decryption requires the caller's own key, which never leaves the caller.
Proof envelopes	A versioned, HMAC-signed JSON envelope (commitment + query + yes/no answer + nonce). Verifiable by anyone holding `ZKSHARE_PROOF_SECRET`.	The fact plaintext used to derive the answer is never included in the envelope.

What this means in practice

Users can prove a property of a personal fact (for example, "the user prefers beach trips") to a third party without exposing the underlying value. The third party verifies the envelope through verify_proof.
Agents can hold and exchange context across sessions or tool boundaries without surfacing the raw values to downstream systems. Sharing produces a single-use, time-bound share_token bound to a recipient agent identifier.
Businesses integrating the API can offer privacy guarantees that are technical, not contractual — RLS denies direct table access, the encryption key is server-only, the proof HMAC secret is server-only, and the client-sealed path lets sensitive data stay outside the operator's reach entirely.

SECURITY.md is the canonical reference for the threat model, the trust model summary, vulnerability disclosure, the operator checklist, and third-party LLM exposure controls.

API contract

Operation	Behavior
`store`	Server-sealed: caller sends `value`. Server encrypts with AES-256-GCM, computes a salted commitment, generates an embedding (or accepts a 1536-dim `embedding`), and persists with `client_encrypted = false`. Client-sealed: caller sends `ciphertext`, `iv`, `auth_tag`, `commitment`, and the required `embedding`. Server stores blobs and the vector, sets `client_encrypted = true`, and never derives anything from the plaintext or label.
`prove`	Loads a server-sealed fact, decrypts in memory, derives a yes/no answer for the supplied query (LLM with `temperature: 0`, or a heuristic when external LLMs are disabled), and returns an HMAC-signed proof envelope. Returns `422 / CLIENT_ENCRYPTED` if the fact is client-sealed.
`share`	Same as `prove`, plus inserts a row into `share_tokens` (recipient_agent_id, expiry, proof) and returns a `share_token`. The token is a 24-byte base64url string, valid for seven days.
`search`	Embeds the query, calls `match_facts` (a `security definer` SQL function with cosine distance ove

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

52/100across 5 weighted dimensions

How we score →

0255075100

−48

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked zkshare-mcp against OSV.dev.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is io.github.sp0oby/zkshare safe to use?: io.github.sp0oby/zkshare has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install io.github.sp0oby/zkshare?: io.github.sp0oby/zkshare supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with io.github.sp0oby/zkshare?: io.github.sp0oby/zkshare is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is io.github.sp0oby/zkshare actively maintained?: io.github.sp0oby/zkshare is recently maintained — last commit was 30 days ago.