Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"multi-llm-mcp": {
"args": [
"fastmcp"
],
"command": "uvx"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
一个用于 Claude Code 的 MCP 工具,支持通过 MCP 调用 Codex CLI 执行任务,并支持多个模型(GPT、Kimi、DeepSeek、Qwen 等)并行调用。
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
uvx 'fastmcp' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability
## Technical Description The `OpenAPIProvider` in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The `RequestDirector` class is responsible for constructing HTTP requests to the backend service. A critical vulnerability exists in the `_build_url()` method. When an OpenAPI operation defines path parameters (e.g., `/api/v1/users/{user_id}`), the system directly substitutes parameter values into the URL template string **without URL-encoding**. Subsequently, `urll
FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities
## Summary While testing the *GitHubProvider* OAuth integration, which allows authentication to a FastMCP MCP server via a FastMCP OAuthProxy using GitHub OAuth, it was discovered that the FastMCP OAuthProxy does not properly validate the user's consent upon receiving the authorization code from GitHub. In combination with GitHub’s behavior of skipping the consent page for previously authorized clients, this introduces a Confused Deputy vulnerability. ## Technical Details An adversary can initi
FastMCP has a Command Injection vulnerability - Gemini CLI
Server names containing shell metacharacters (e.g., `&`) can cause command injection on Windows when passed to `fastmcp install claude-code` or `fastmcp install gemini-cli`. These install paths use `subprocess.run()` with a list argument, but on Windows the target CLIs often resolve to `.cmd` wrappers that are executed through `cmd.exe`, which interprets metacharacters in the flattened command string. PoC: ```python from fastmcp import FastMCP mcp = FastMCP(name="test&calc") @mcp.tool def rol
FastMCP OAuth Proxy token reuse across MCP servers
While testing the OAuth Proxy implementation, it was noticed that the server does not properly respect the `resource` parameter submitted by the client in the authorization and token request. Instead of issuing the token explicitly for this MCP server, the token is issued for the `base_url` passed to the `OAuthProxy` during initialization. **Affected File:** *https://github.com/jlowin/fastmcp/blob/main/src/fastmcp/server/auth/oauth_proxy.py#L828* **Affected Code:** ```python self._jwt_issuer:
FastMCP updated to MCP 1.23+ due to CVE-2025-66416
There was a recent CVE report on MCP: https://nvd.nist.gov/vuln/detail/CVE-2025-66416. FastMCP does not use any of the affected components of the MCP SDK directly. However, FastMCP versions prior to 2.14.0 did allow MCP SDK versions <1.23 that were vulnerable to CVE-2025-66416. Users should upgrade to FastMCP 2.14.0 or later.
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in ai-ml
Dynamic problem-solving through sequential thought chains
Persistent memory using a knowledge graph
Privacy-first. MCP is the protocol for tool access. We're the virtualization layer for context.
An open-source AI agent that brings the power of Gemini directly into your terminal.
MCP Security Weekly
Get CVE alerts and security updates for Multi Llm Mcp and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
一个用于 Claude Code 的 MCP 工具,支持通过 MCP 调用 Codex CLI 执行任务,并支持多个模型(GPT、Kimi、DeepSeek、Qwen 等)并行调用。
本项目基于 FastMCP 开发,主要解决两个问题:
job_id + wait_codex 的方式等待长任务完成,避免 MCP 客户端单次工具调用超时。read-only、workspace-write、danger-full-access 三种级别。session_id 保持多轮上下文。job_id,后续继续通过 wait_* 工具等待结果。health_check 用于检查运行环境、Codex CLI 是否可用、各模型 API Key 是否配置等(不返回任何 key 内容)。| 工具名 | 作用 |
|---|---|
ask | 调用单个模型,支持多轮会话 |
ask_many | 同时调用多个模型 |
wait_many | 继续等待多模型并行调用任务 |
review | 让多个模型同时分析同一段内容 |
ask_codex | 调用 Codex CLI 执行任务 |
wait_codex | 继续等待 Codex CLI 任务 |
clear_session | 清除指定会话 |
clear_all_sessions | 清除全部会话 |
list_sessions | 查看当前内存中的会话 |
health_check | 检查 MCP 服务运行状态 |
安装依赖:
pip install fastmcp openai
如果需要使用 ask_codex,还需确保本机已安装 Codex CLI,并能在命令行直接运行:
codex
另外,在用 ask_codex 调度 Codex 之前,确保 Codex CLI 已经登录过账号(首次使用前先在命令行运行 codex 完成登录),否则任务会因为未认证而失败。
项目中通过 PROVIDERS 配置不同模型服务,例如 DeepSeek、Kimi、Qwen、GPT 等。推荐使用环境变量保存模型密钥:
| 模型 | 环境变量 |
|---|---|
| DeepSeek | DEEPSEEK_API_KEY |
| Kimi(Moonshot) | MOONSHOT_API_KEY |
| Qwen(DashScope) | DASHSCOPE_API_KEY |
| GPT(OpenAI) | OPENAI_API_KEY |
| Claude(Anthropic,可选) | ANTHROPIC_API_KEY |
在 Windows 上可以用 setx 把这些设为用户级环境变量(设完需重开终端 / 重启 Claude Code 才生效),按你要用的模型设即可:
setx OPENAI_API_KEY "your-key"
setx DEEPSEEK_API_KEY "your-key"
(MOONSHOT_API_KEY / DASHSCOPE_API_KEY / ANTHROPIC_API_KEY 同理。)
如果只是自己本地快速验证,也可以临时把 key 写到代码里的 PROVIDERS 中,方便测试。但不要把包含 key 的代码上传到 GitHub,也不要发给别人。准备开源或分享前,应改成环境变量方式,或确认代码中已经没有真实 key。
代码里 PROVIDERS 的 claude 块默认是注释状态。要启用 Claude:
PROVIDERS 中的 claude 块;"claude" 加进 ModelName;ANTHROPIC_API_KEY。它走的是 Anthropic 的 OpenAI 兼容端点(base_url="https://api.anthropic.com/v1/"),模型名填 Claude 的名称即可(如 claude-opus-4-7、claude-sonnet-4-6、claude-haiku-4-5)。
小技巧:服务本身跑在 Claude Code 里,所以你可以反过来调度别的 Claude——比如用更便宜的 Haiku 去跑并行的苦力活,或者要一个干净上下文、不被当前对话带偏的 Claude 来做二次判断。
在 Claude Code 中,推荐直接用 claude mcp add 命令添加本项目。基本格式:
claude mcp add --scope user llm-mix -- python /absolute/path/to/LLM_MIX.py
其中:
llm-mix 是这个 MCP 服务的名字,可以自己改。--scope user 表示该 MCP 对当前用户全局可用,不只限于某一个项目。python 是 Python 启动命令。/absolute/path/to/LLM_MIX.py 替换成你本地 LLM_MIX.py 的绝对路径。Windows 示例:
claude mcp add --scope user llm-mix -- python "C:\path\to\LLM_MIX.py"
如果上面那条添加后用不了(通常是 python 不在 PATH 上,或指向了别的 Python 环境),改用下面这条、写上 Python 解释器的完整路径:
claude mcp add --scope user llm-mix -- "C:\path\to\python.exe" "C:\path\to\LLM_MIX.py"
添加完成后,可以用下面的命令查看是否添加成功:
claude mcp list
进入 Claude Code 后,也可以输入 /mcp 查看 MCP 服务是否已连接。
连接 MCP 后,可以直接让 Claude Code 使用这些能力:
用 Codex 查看当前项目结构。
让 Codex 在当前目录创建一个测试文件。
让 Codex 修改这个 Python 文件,修复明显的异常处理问题。
把这个问题同时发给 GPT、Kimi、DeepSeek 和 Qwen。
让多个模型一起分析这个方案有没有明显问题。
让 DeepSeek 单独解释这段代码。
如果任务较长,工具可能会返回:
{
"success": true,
"status": "running",
"job_id": "xxxx",
"message": "任务仍在运行,使用 wait_codex 继续等待"
}
这时继续调用对应的 wait_codex 或 wait_many 即可。
read-only。workspace-write。danger-full-access,因为这个模式会给 Codex 更高的本机权限。ask_codex 依赖本机 Codex CLI。health_check 查看)。job_id + wait_* 的方式继续等待。本项目在 LINUX DO 社区分享与讨论,感谢社区佬