Mcp Feedback Enhanced

Enhanced MCP server for interactive user feedback and command execution in AI-assisted development, featuring dual interface support (Web UI and Desktop Application) with intelligent environment detection and cross-platform compatibility.

CommunityStaleNot testedUpdated 4/3/2026

★ 3.7kPyPI

Edit this page

MCPpedia
Score

No CVEsstale1 toolsstdioremote

How we score →

Should you use this server?

✓

Is it safe?

No known CVEs for uv. 3 previously resolved.

No authentication — any process on your machine can connect to this server.

License not specified.

Last scanned 0 days ago.

Is it maintained?

Last commit 277 days ago. 3,702 GitHub stars.

Will it work with my client?

Transport: stdio, http. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.

How much context will it use?

1 tool. Estimated ~200 tokens of your context window (0.1% of 200K).

Quick Install

{
  "mcpServers": {
    "mcp-feedback-enhanced": {
      "args": [
        "mcp-feedback-enhanced@latest"
      ],
      "command": "uvx",
      "timeout": 600,
      "autoApprove": [
        "interactive_feedback"
      ]
    }
  }
}

Setup guide

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx uv 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Tools (1)

interactive_feedback

Establishes feedback-oriented development workflows by guiding AI to confirm with users rather than making speculative operations. Provides Web UI and Desktop Application dual interface options for collecting user feedback.

Score Breakdown

MCPpedia Score

Click each category to see evidence

80A

Scored 2h ago

How we score →

Security

30/30

Last scanned 2h ago

No open vulnerabilities. 3 fixed CVEs.

✓

CVEs — 3 fixed CVEs — update to 0.9.6+check OSV.dev \u2192

○

Authentication — None required — easy to connect

✗

License — Not specifiedview license \u2192

✓

Repository — Activeview repo \u2192

✗

MCPpedia review — Not yet reviewed by MCPpedia

Advisories (0 open, 3 fixed)

mediumCVSS 4CVE-2025-13327Fixed

uv allows ZIP payload obfuscation through parsing differentials

### Impact In versions 0.9.5 and earlier of uv, ZIP archives were handled in a manner that enabled two parsing differentials against other components of the Python packaging ecosystem: 1. Central directory entries in a ZIP archive can contain comment fields. However, uv would assume that these fields were not present, since they aren't widely used. Consequently, a ZIP archive could be constructed where uv would interpret the contents of a central directory comment field as ZIP control structur

Fixed in 0.9.6Published Oct 29, 2025source \u2192

infoGHSA-w476-p2h3-79g9Fixed

uv has differential in tar extraction with PAX headers

### Impact In versions 0.9.4 and earlier of uv, tar archives containing PAX headers with file size overrides were not handled properly. As a result, an attacker could contrive a source distribution (as a tar archive) that would extract differently when installed via uv versus other Python package installers. The underlying parsing differential here originates with astral-tokio-tar, which disclosed this vulnerability as CVE-2025-62518. In practice, the impact of this vulnerability is **low**:

Fixed in 0.9.5Published Oct 21, 2025source \u2192

CVEs checked daily via OSV.dev. Score algorithm is open source.

Embed this score in your READMEPreview badge

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-feedback-enhanced)](https://mcppedia.org/s/mcp-feedback-enhanced)

## Impact In versions 0.8.5 and earlier of uv, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. This enabled two parser differentials against other Python package installers: 1. An attacker could contrive a ZIP archive that would extract with legitimate contents on some package installers, and malicious contents on others due to multiple local file entries. The attacker could choose which installer to target