Is Jgrants Mcp Server safe to use?

Jgrants Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install Jgrants Mcp Server?

Jgrants Mcp Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with Jgrants Mcp Server?

Jgrants Mcp Server is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio and http transport.

Is Jgrants Mcp Server actively maintained?

Jgrants Mcp Server is actively maintained — last commit was 2 days ago. It has 40 GitHub stars.

Jgrants Mcp Server

ActiveNot tested

Other

★ 40PyPI GitHub

50CNo CVEsactiveMIT

Quick Install

{
  "mcpServers": {
    "jgrants-mcp-server": {
      "args": [
        "uv"
      ],
      "command": "uvx"
    }
  }
}

Setup guide

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/jgrants-mcp-server)](https://mcppedia.org/s/jgrants-mcp-server)

Should you use this server?

✓

Is it safe?

No known CVEs for uv. 3 previously resolved.

No authentication — any process on your machine can connect.

MIT. View license →

✓

Is it maintained?

Last commit 2 days ago. 40 stars.

Will it work with my client?

Transport: stdio, http. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'uv' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Score Breakdown

MCPpedia Score

Click each category to see evidence

50C

Last scored 21h ago

How we score →

Security

23/30

Advisories (0 open, 3 fixed)

mediumCVSS 4CVE-2025-13327Fixed

uv allows ZIP payload obfuscation through parsing differentials

### Impact In versions 0.9.5 and earlier of uv, ZIP archives were handled in a manner that enabled two parsing differentials against other components of the Python packaging ecosystem: 1. Central directory entries in a ZIP archive can contain comment fields. However, uv would assume that these fields were not present, since they aren't widely used. Consequently, a ZIP archive could be constructed where uv would interpret the contents of a central directory comment field as ZIP control structur

Affected: >= 0Fixed in 0.9.6Published Oct 29, 2025source \u2192

infoGHSA-w476-p2h3-79g9Fixed

uv has differential in tar extraction with PAX headers

### Impact In versions 0.9.4 and earlier of uv, tar archives containing PAX headers with file size overrides were not handled properly. As a result, an attacker could contrive a source distribution (as a tar archive) that would extract differently when installed via uv versus other Python package installers. The underlying parsing differential here originates with astral-tokio-tar, which disclosed this vulnerability as CVE-2025-62518. In practice, the impact of this vulnerability is **low**:

Affected: >= 0Fixed in 0.9.5Published Oct 21, 2025source \u2192

mediumCVSS 4CVE-2025-54368Fixed

uv allows ZIP payload obfuscation through parsing differentials

## Impact In versions 0.8.5 and earlier of uv, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. This enabled two parser differentials against other Python package installers: 1. An attacker could contrive a ZIP archive that would extract with legitimate contents on some package installers, and malicious contents on others due to multiple local file entries. The attacker could choose which installer to target

Affected: >= 0Fixed in 0.8.6Published Aug 7, 2025source \u2192

Frequently Asked Questions

Is Jgrants Mcp Server safe to use?: Jgrants Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Jgrants Mcp Server?: Jgrants Mcp Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Jgrants Mcp Server?: Jgrants Mcp Server is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio and http transport.
Is Jgrants Mcp Server actively maintained?: Jgrants Mcp Server is actively maintained — last commit was 2 days ago. It has 40 GitHub stars.

Jgrants Mcp Server

Quick Install

Should you use this server?

Test This Server

Score Breakdown

MCPpedia Score

Security

Help improve this page

Advisories (0 open, 3 fixed)

Reviews

Frequently Asked Questions

Similar servers

Memory MCP Server

Context Mode

Idea Reality MCP Server

Browser Tools Mcp

Discussion