An AI Gateway, registry, and proxy that sits in front of any MCP, A2A, or REST/gRPC APIs, exposing a unified endpoint with centralized discovery, guardrails and management. Optimizes Agent & Tool calling, and supports plugins.
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"mcpgateway-wrapper": {
"env": {
"MCP_AUTH": "Bearer your-token-here",
"MCP_SERVER_URL": "http://localhost:4444/servers/UUID_OF_SERVER_1",
"MCP_TOOL_CALL_TIMEOUT": "120"
},
"args": [
"-m",
"mcpgateway.wrapper"
],
"command": "python"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
An open source registry and proxy that federates MCP, A2A, and REST/gRPC APIs with centralized governance, discovery, and observability. Optimizes Agent & Tool calling, and supports plugins.
This server supports HTTP transport. Be the first to test it — help the community know if it works.
Five weighted categories — click any category to see the underlying evidence.
MCP Inspector is Vulnerable to Potential Command Execution via XSS When Connecting to an Untrusted MCP Server
An XSS flaw exists in the MCP Inspector local development tool when it renders a redirect URL returned by a remote MCP server. If the Inspector connects to an untrusted server, a crafted redirect can inject script into the Inspector context and, via the built-in proxy, be leveraged to trigger arbitrary command execution on the developer machine. Version 0.16.6 hardens URL handling/validation and prevents script execution. > Thank you to the following researchers for their reports and contributi
MCP Inspector proxy server lacks authentication between the Inspector client and proxy
Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. Users should immediately upgrade to version 0.14.1 or later to address these vulnerabilities. Credit: Rémy Marot <bughunters@tenable.com>
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in developer-tools / ai-ml
XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.
Copy/paste detector for programming source code, supports 223 formats. AI-ready with token-efficient reporter, skill and MCP server.
Context7 Platform -- Up-to-date code documentation for LLMs and AI code editors
A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.
MCP Security Weekly
Get CVE alerts and security updates for Mcp Context Forge and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.