Is Mcp Front safe to use?

Mcp Front has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Mcp Front?

Mcp Front supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with Mcp Front?

Mcp Front is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is Mcp Front actively maintained?

Mcp Front is recently maintained — last commit was 31 days ago. It has 51 GitHub stars.

Mcp Front

Name: Mcp Front
Author: stainless-api

by stainless-api

Auth proxy for Model Context Protocol servers - adds authentication to MCP tools for Claude.ai, Claude Code, Cursor, Gemini

51 0 tools GitHub

No known CVEs

No license

Maintained

Last commit 31d ago

Works with most clients

Transport: stdio, sse, http

0 tools

Grade F

Edit this pageView history

Security Developer Tools

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "proxy": {
    "addr": ":8080",
    "baseURL": "http://localhost:8080"
  },
  "version": "v0.0.1-DEV_EDITION_EXPECT_CHANGES",
  "mcpServers": {
    "filesystem": {
      "args": [
        "-y",
        "@modelcontextprotocol/server-filesystem",
        "/tmp"
      ],
      "command": "npx",
      "serviceAuths": [
        {
          "type": "bearer",
          "tokens": [
            "dev-token-123"
          ]
        }
      ],
      "transportType": "stdio"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-front)](https://mcppedia.org/s/mcp-front)

Read me

What Mcp Front does

This project is a work in progress and should not be considered production ready. > Though I'm fairly confident the overall architecture is sound, and I myself rely on the implementation — so it should work :tm:. > But definitely alpha software. > Expect breaking changes! :) > Also, don't rely too much on the docs, they drift fairly quickly, I do not always keep them updated when doing changes or adding/removing features. They are mostly here to anchor me and help me stay focus on my initial

Test This Server

This server supports HTTP transport. Be the first to test it — help the community know if it works.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

39/100across 5 weighted dimensions

How we score →

0255075100

−61

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Mcp Front safe to use?: Mcp Front has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Mcp Front?: Mcp Front supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Mcp Front?: Mcp Front is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Mcp Front actively maintained?: Mcp Front is recently maintained — last commit was 31 days ago. It has 51 GitHub stars.

Similar servers

Others in security / developer-tools

View all →

XcodeBuildMCP97

A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.

5.8k 2

XcodeBuildMCP97

XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.

5.8k 1

Figma Console Mcp96

MCP server for accessing Figma plugin console logs and screenshots via Cloudflare Workers or local mode

1.7k 2

Mcp Gitlab96

MCP server for using the GitLab API

1.6k 12

MCP Security Weekly

Get CVE alerts and security updates for Mcp Front and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Security Developer Tools

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "proxy": {
    "addr": ":8080",
    "baseURL": "http://localhost:8080"
  },
  "version": "v0.0.1-DEV_EDITION_EXPECT_CHANGES",
  "mcpServers": {
    "filesystem": {
      "args": [
        "-y",
        "@modelcontextprotocol/server-filesystem",
        "/tmp"
      ],
      "command": "npx",
      "serviceAuths": [
        {
          "type": "bearer",
          "tokens": [
            "dev-token-123"
          ]
        }
      ],
      "transportType": "stdio"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mcp-front)](https://mcppedia.org/s/mcp-front)

Read me

What Mcp Front does

This project is a work in progress and should not be considered production ready. > Though I'm fairly confident the overall architecture is sound, and I myself rely on the implementation — so it should work :tm:. > But definitely alpha software. > Expect breaking changes! :) > Also, don't rely too much on the docs, they drift fairly quickly, I do not always keep them updated when doing changes or adding/removing features. They are mostly here to anchor me and help me stay focus on my initial

Test This Server

This server supports HTTP transport. Be the first to test it — help the community know if it works.

README

mcp-front

[!WARNING] This project is a work in progress and should not be considered production ready.

Though I'm fairly confident the overall architecture is sound, and I myself rely on the implementation — so it should work :tm:. But definitely alpha software.

Expect breaking changes! :)

Also, don't rely too much on the docs, they drift fairly quickly, I do not always keep them updated when doing changes or adding/removing features. They are mostly here to anchor me and help me stay focus on my initial vision.

[!TIP] Looking for the easiest way to get an MCP server for your API? Check out Stainless✨. We offer best-in-class SDK and MCP generation. Build a complete MCP server and publish it to Cloudflare and Docker Hub in a few minutes!

_{Disclaimer: the author of mcp-front is an early Stainless employee}

An authentication gateway for MCP (Model Context Protocol) servers. Let your team use Claude with internal databases, APIs, and tools without exposing them to the internet.

The problem

You want your team to use Claude with internal MCP servers (databases, Linear, Notion, internal APIs). But MCP servers don't have built-in multi-user authentication. You either expose them to the public internet, build authentication yourself, or run separate instances per user. None of these are great.

The solution

mcp-front sits between Claude and your MCP servers as an authentication gateway. Your team authenticates via OAuth once (Google, Azure AD, GitHub, or any OIDC provider). When Claude connects, mcp-front validates the token, checks the user belongs to your organization, and proxies to the actual MCP server in your secure environment.

For stdio servers, each user gets an isolated subprocess. For services that need individual API keys (Notion, Linear), users connect them once through a web UI and mcp-front injects tokens automatically. Tokens are scoped to specific services (RFC 8707) — a token for your Postgres server won't work for Linear.

Organization-wide access control with per-user isolation. No modifications to your MCP servers. Nothing exposed to the internet.

How it works

User adds https://your-domain.com/<service>/sse to Claude
Claude redirects to the identity provider for login (first time only)
mcp-front validates the user belongs to your organization
If the service needs a user API key (Notion, Linear), user connects it through a web page
mcp-front proxies all MCP requests to the backend server

Try it locally

Save this as config.json:

{
  "version": "v0.0.1-DEV_EDITION_EXPECT_CHANGES",
  "proxy": {
    "baseURL": "http://localhost:8080",
    "addr": ":8080"
  },
  "mcpServers": {
    "filesystem": {
      "transportType": "stdio",
      "command": "npx",
      "args": ["-y", "@modelcontextprotocol/server-filesystem", "/tmp"],
      "serviceAuths": [
        {
          "type": "bearer",
          "tokens": ["dev-token-123"]
        }
      ]
    }
  }
}

# With Go
go install github.com/stainless-api/mcp-front/cmd/mcp-front@main
mcp-front -config config.json

# Or with Docker
docker run -p 8080:8080 -v $(pwd)/config.json:/app/config.json dgellow/mcp-front:latest

In Claude.

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

39/100across 5 weighted dimensions

How we score →

0255075100

−61

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Mcp Front safe to use?: Mcp Front has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Mcp Front?: Mcp Front supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Mcp Front?: Mcp Front is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Mcp Front actively maintained?: Mcp Front is recently maintained — last commit was 31 days ago. It has 51 GitHub stars.