Is Mbta Mcp Server safe to use?

Mbta Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install Mbta Mcp Server?

Mbta Mcp Server can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with Mbta Mcp Server?

Mbta Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Is Mbta Mcp Server actively maintained?

Mbta Mcp Server is not actively maintained — last commit was 368 days ago.

Mbta Mcp Server

Name: Mbta Mcp Server
Author: crdant

by crdant

0 tools GitHub

No known CVEs

MIT license

Stale

Last commit 368d ago

Works with most clients

Transport: stdio

0 tools

Grade F

Edit this pageView history

Maps & Geo

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "mbta-mcp-server": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mbta-mcp-server)](https://mcppedia.org/s/mbta-mcp-server)

Read me

What Mbta Mcp Server does

An MCP server that communicates with the MBTA API to provide Boston-area transit information.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

28/100across 5 weighted dimensions

How we score →

0255075100

−72

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Mbta Mcp Server safe to use?: Mbta Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Mbta Mcp Server?: Mbta Mcp Server can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with Mbta Mcp Server?: Mbta Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is Mbta Mcp Server actively maintained?: Mbta Mcp Server is not actively maintained — last commit was 368 days ago.

Similar servers

Others in maps

View all →

io.github.srivastsh/bart-mcp90

Real-time BART departures, trip planning, fares, stations, and advisories.

Tomtom Mcp90

A Model Context Protocol (MCP) server providing TomTom's location services, search, routing, and traffic data to AI agents.

46 1

io.github.vessel-api/vesselapi-mcp88

MCP server for the VesselAPI — maritime vessel tracking, port events, emissions, and navigation data

io.github.WorldWeatherOnline/wwo-mcp87

Global weather API: forecasts, historical data, marine, ski, astronomy and timezone.

1 8

MCP Security Weekly

Get CVE alerts and security updates for Mbta Mcp Server and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Maps & Geo

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "mbta-mcp-server": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mbta-mcp-server)](https://mcppedia.org/s/mbta-mcp-server)

Read me

What Mbta Mcp Server does

An MCP server that communicates with the MBTA API to provide Boston-area transit information.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

MBTA MCP Server

An MCP server that communicates with the MBTA API to provide Boston-area transit information.

This Machine Learning Control Protocol (MCP) server integrates with the Massachusetts Bay Transportation Authority (MBTA) API to provide real-time and scheduled transit information for the Boston area. It enables AI assistants to access MBTA data through a standardized interface.

Features

Real-time transit predictions
Service alerts and disruptions
Route and schedule information
Accessibility information
Trip planning assistance
Location-based station finding

Installation

Docker

docker pull ghcr.io/crdant/mbta-mcp-server:latest
docker run -e MBTA_API_KEY="your-api-key" ghcr.io/crdant/mbta-mcp-server:latest

Go Installation

go install github.com/username/mbta-mcp-server@latest

Configuration

Set your MBTA API key in the environment:

export MBTA_API_KEY="your-api-key"

Usage

The server implements the MCP stdio protocol for local usage with AI assistants.

For more detailed information, see the specification.

Supply Chain Security

Container Image Signing

All container images are signed using Sigstore's Cosign with keyless signing. This allows users to verify that the container image was built by our GitHub Actions CI/CD pipeline.

Signing Security Practice

We follow the best practice for container image signing:

We sign only the image digest (content hash) - This is the most secure approach since the digest is a unique, immutable identifier for the specific content. By signing only the digest, we avoid any potential security issues that could arise from mutable tags like latest.

Verifying Container Images

To verify our container images, always verify by digest:

# Get the digest first (using any tag to lookup the image)
DIGEST=$(crane digest ghcr.io/crdant/mbta-mcp-server:1.2.3)

# Verify the image by digest
cosign verify \
  --certificate-identity "https://github.com/crdant/mbta-mcp-server/.github/workflows/build.yml@refs/heads/main" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  ghcr.io/crdant/mbta-mcp-server@$DIGEST

Software Bill of Materials (SBOM)

Each build generates a comprehensive Software Bill of Materials (SBOM) that lists all components included in the container image. The SBOM is:

Generated during the build process
Signed with a GitHub-issued certificate using the actions/attest-sbom tool
Available as a GitHub Actions artifact with each build
Attached to the container image as an attestation by digest

To verify the SBOM attestation:

# Get the digest first (most reliable approach)
DIGEST=$(crane digest ghcr.io/crdant/mbta-mcp-server:1.2.3)

# Verify the SBOM attestation by digest
cosign verify-attestation \
  --certificate-identity "https://github.com/crdant/mbta-mcp-server/.github/workflows/build.yml@refs/heads/main" \
  --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
  --type spdx \
  ghcr.io/crdant/mbta-mcp-server@$DIGEST

Vulnerability Scanning

We use Trivy to scan our container images for vulnerabilities:

Container images are automatically scanned after they're built
Results are uploaded to GitHub Security in SARIF format
Critical and High severity vulnerabilities are reported
Scans focus on vulnerabilities with available fixes

These security measures help ensure our software supply chain is secure and transparent from source code to container deployment.

License

MIT License

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

28/100across 5 weighted dimensions

How we score →

0255075100

−72

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Mbta Mcp Server safe to use?: Mbta Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Mbta Mcp Server?: Mbta Mcp Server can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with Mbta Mcp Server?: Mbta Mcp Server is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is Mbta Mcp Server actively maintained?: Mbta Mcp Server is not actively maintained — last commit was 368 days ago.