Is Jgrants Mcp Server safe to use?

Jgrants Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install Jgrants Mcp Server?

Jgrants Mcp Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with Jgrants Mcp Server?

Jgrants Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.

Is Jgrants Mcp Server actively maintained?

Jgrants Mcp Server is recently maintained — last commit was 53 days ago. It has 45 GitHub stars.

Jgrants Mcp Server

Name: Jgrants Mcp Server
Author: digital-go-jp

Official

uv · by digital-go-jp

45 0 tools GitHub PyPI

No known CVEs

MIT license

Maintained

Last commit 53d ago

Works with most clients

Transport: stdio, http

0 tools

Grade F

Edit this pageView history

Legal Finance

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "jgrants-mcp-server": {
      "args": [
        "uv"
      ],
      "command": "uvx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/jgrants-mcp-server)](https://mcppedia.org/s/jgrants-mcp-server)

Read me

What Jgrants Mcp Server does

デジタル庁が運用する補助金電子申請システム「Jグランツ」の公開APIをModel Context Protocol（MCP）サーバーとして実装。FastMCPフレームワークを使用し、LLMから自然言語で補助金検索・詳細取得が可能です。

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'uv' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

53/100across 5 weighted dimensions

How we score →

0255075100

−47

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

4 fixed

GHSA-pjjw-68hj-v9mwmedium · fixedCVSS 4

uv vulnerable to arbitrary file deletion through RECORD entries

## Impact Wheel RECORD entries can contain relative paths that traverse outside of the wheel’s installation prefix. In versions 0.11.5 and earlier of uv, these wheels were not rejected on installation and the RECORD was respected without validation on uninstall. uv uses the RECORD to determine files to remove on uninstall. Consequently, a malicious or malformed wheel could induce deletion of arbitrary files outside of the wheel’s installation prefix on uninstall. uv does not use the RECORD fi

Affected: >= 0Fixed in 0.11.6source →

CVE-2025-13327medium · fixedCVSS 4

uv allows ZIP payload obfuscation through parsing differentials

### Impact In versions 0.9.5 and earlier of uv, ZIP archives were handled in a manner that enabled two parsing differentials against other components of the Python packaging ecosystem: 1. Central directory entries in a ZIP archive can contain comment fields. However, uv would assume that these fields were not present, since they aren't widely used. Consequently, a ZIP archive could be constructed where uv would interpret the contents of a central directory comment field as ZIP control structur

Affected: >= 0Fixed in 0.9.6source →

GHSA-w476-p2h3-79g9info · fixed

uv has differential in tar extraction with PAX headers

### Impact In versions 0.9.4 and earlier of uv, tar archives containing PAX headers with file size overrides were not handled properly. As a result, an attacker could contrive a source distribution (as a tar archive) that would extract differently when installed via uv versus other Python package installers. The underlying parsing differential here originates with astral-tokio-tar, which disclosed this vulnerability as CVE-2025-62518. In practice, the impact of this vulnerability is **low**:

Affected: >= 0Fixed in 0.9.5source →

CVE-2025-54368medium · fixedCVSS 4

uv allows ZIP payload obfuscation through parsing differentials

## Impact In versions 0.8.5 and earlier of uv, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. This enabled two parser differentials against other Python package installers: 1. An attacker could contrive a ZIP archive that would extract with legitimate contents on some package installers, and malicious contents on others due to multiple local file entries. The attacker could choose which installer to target

Affected: >= 0Fixed in 0.8.6source →

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Jgrants Mcp Server safe to use?: Jgrants Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Jgrants Mcp Server?: Jgrants Mcp Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Jgrants Mcp Server?: Jgrants Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.
Is Jgrants Mcp Server actively maintained?: Jgrants Mcp Server is recently maintained — last commit was 53 days ago. It has 45 GitHub stars.

Similar servers

Others in legal / finance

View all →

Korean Law Mcp95

87 tools for Korean law — statutes, precedents, ordinances, interpretations | MCP Server · CLI · npm

1.9k 7

Alpha Vantage Mcp95

Real-time financial market data: stocks, forex, crypto, commodities, and economic indicators

158 3

Investor Agent93

A Model Context Protocol server for building an investor agent

329 7

io.github.jasonxkensei/xproof92

Proof primitive for AI agents on MultiversX. Anchor file hashes on-chain as verifiable proofs.

1 1

MCP Security Weekly

Get CVE alerts and security updates for Jgrants Mcp Server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Legal Finance

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "jgrants-mcp-server": {
      "args": [
        "uv"
      ],
      "command": "uvx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/jgrants-mcp-server)](https://mcppedia.org/s/jgrants-mcp-server)

Read me

What Jgrants Mcp Server does

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'uv' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

Jグランツ MCP Server

デジタル庁が運用する補助金電子申請システム「Jグランツ」の公開APIをModel Context Protocol（MCP）サーバーとして実装。FastMCPフレームワークを使用し、LLMから自然言語で補助金検索・詳細取得が可能です。

特徴

リモート対応: Streamable-HTTP経由でリモート接続可能
高度な検索機能: キーワード、業種、従業員数、地域での絞り込み
統計分析: 補助金の統計情報を自動集計（締切期間別、金額規模別）
ファイルダウンロード: 募集要項や申請書類の自動ダウンロード・保存
添付資料アクセス: PDFなどの添付資料をMarkdown/BASE64形式で取得可能
LLM統合: 自然言語での補助金検索と詳細取得
ファイル変換: PDF、Word、Excel、ZIPなど多様な形式をMarkdownに変換
動的ツール検出: サーバーのツール変更を自動検出・適応
FastMCP: 最新のFastMCPフレームワーク (v2.12.2) を使用
Prompts/Resources: LLM向けのガイドとリソースを提供

動作確認環境

Claude Desktop: v0.7.10以上
Python: 3.11以上
FastMCP: 2.12.2以上

クイックスタート

前提条件

Python 3.11以上
pip (Pythonパッケージマネージャー)

環境セットアップ

# リポジトリのクローン
git clone https://github.com/digital-go-jp/jgrants-mcp-server.git
cd jgrants-mcp-server

# Python仮想環境の作成
python -m venv venv

# 仮想環境の有効化
# macOS/Linux:
source venv/bin/activate
# Windows:
# venv\Scripts\activate

# 依存パッケージのインストール
pip install -r requirements.txt

UV を使った環境セットアップ（推奨）

UV は高速なPythonパッケージマネージャーです。より高速なインストールを実現します。

# リポジトリのクローン
git clone https://github.com/digital-go-jp/jgrants-mcp-server.git
cd jgrants-mcp-server

# UVで仮想環境を作成
uv venv

# 仮想環境の有効化
source .venv/bin/activate

# UVで依存パッケージをインストール
uv pip install -r requirements.txt

環境変数（オプション）

必要に応じて以下の環境変数を設定できます：

環境変数	デフォルト値	説明
`JGRANTS_FILES_DIR`	`./jgrants_files`	添付ファイル保存ディレクトリ
`API_BASE_URL`	`https://api.jgrants-portal.go.jp/exp/v1/public`	JグランツAPIエンドポイント

設定例：

export JGRANTS_FILES_DIR=/tmp/jgrants_files

サーバー起動

HTTPサーバーモード

# HTTPサーバーを起動（デフォルト: localhost:8000）
python -m jgrants_mcp_server.core

# ホストとポートを指定
python -m jgrants_mcp_server.core --host 0.0.0.0 --port 8080

UV を使った起動

UV を使った場合、uv run で直接サーバーを起動できます：

# HTTPサーバーを起動（デフォルト: localhost:8000）
uv run python -m jgrants_mcp_server.core

# ホストとポートを指定
uv run python -m jgrants_mcp_server.core --host 0.0.0.0 --port 8484

サーバー起動後、以下のエンドポイントが利用可能になります：

MCP エンドポイント: http://localhost:8000/mcp もしくは http://127.0.0.1:8000/mcp
トランスポート: Streamable-HTTP

Claude Desktop との連携

FastMCP CLI経由での接続（推奨）

Claude Desktop は stdio 接続のみサポートするため、FastMCP CLIをHTTPプロキシとして使用します。この方法はResources、Prompts、Toolsのすべての機能をサポートします。

MCP Server を起動:

python -m jgrants_mcp_server.core --port 8000

Claude Desktop 設定ファイルを編集:

macOS: ~/Library/Application Support/Claude/claude_desktop_config.json Windows: %APPDATA%\Claude\claude_desktop_config.json Linux: ~/.config/Claude/claude_desktop_config.json
```
{
  "mcpServers": {
    "jgrants": {
      "command": "uvx",
      "args": [
        "fastmcp",
        "run",
        "http://localhost:8000/mcp"
      ]
    }
  }
}
```
備考:
- localhostでうまくいかない場合は 127.0.0.1 でお試しください
- uvxはuvのコマンドラインツール実行機能です（pip install uvでインストール）
- uvxがインストールされていない場合は、fastmcpを直接使用することもできます：
```
{
  "mcpServers": {
    "jgrants": {
      "command": "fastmcp",
      "args": [
        "run",
        "http://localhost:8000/mcp"
      ]
    }
  }
}
```
Claude Desktop を再起動

Roo-Code との連携

Roo-Code は VS Code 拡張機能で、Streamable-HTTP 経由での MCP サーバー接続をサポートしています。

Streamable-HTTP接続の設定

リモートサーバーでMCPサーバーを起動:

uv run python -m jgrants_mcp_server.core --host 0.0.0.0 --port 8484

Roo-Code の MCP 設定ファイルを編集:

VS Code で Roo-Code 拡張機能をインストール後、MCP 設定を編集します。

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

53/100across 5 weighted dimensions

How we score →

0255075100

−47

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

4 fixed

GHSA-pjjw-68hj-v9mwmedium · fixedCVSS 4

uv vulnerable to arbitrary file deletion through RECORD entries

Affected: >= 0Fixed in 0.11.6source →

CVE-2025-13327medium · fixedCVSS 4

uv allows ZIP payload obfuscation through parsing differentials

Affected: >= 0Fixed in 0.9.6source →

GHSA-w476-p2h3-79g9info · fixed

uv has differential in tar extraction with PAX headers

Affected: >= 0Fixed in 0.9.5source →

CVE-2025-54368medium · fixedCVSS 4

uv allows ZIP payload obfuscation through parsing differentials

Affected: >= 0Fixed in 0.8.6source →

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Jgrants Mcp Server safe to use?: Jgrants Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Jgrants Mcp Server?: Jgrants Mcp Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Jgrants Mcp Server?: Jgrants Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio and http transport.
Is Jgrants Mcp Server actively maintained?: Jgrants Mcp Server is recently maintained — last commit was 53 days ago. It has 45 GitHub stars.