Step 1
Install in your client
Config is the same across clients — only the file and path differ.
CD
Supported in Claude Desktopstdio, sse · Node 18+
Paste into ~/Library/Application Support/Claude/claude_desktop_config.json
{
"mcpServers": {
"ogham-mcp": {
"args": [
"-y",
"skills"
],
"command": "npx"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
Embed in your READMEAbout badges →
[](https://mcppedia.org/s/ogham-mcp)
Read me
What Ogham Mcp does
Ogham (pronounced "OH-um") -- persistent, searchable shared memory for AI coding agents. Works across clients.
Test This Server
This server supports HTTP transport. Be the first to test it — help the community know if it works.
Loading README…
Scored, not listed
Why this score
Five weighted categories — click any category to see the underlying evidence.
Score breakdown
55/100across 5 weighted dimensions
0255075100
19
18
8
10
−45
Security
Maintenance
Efficiency
Documentation
Compatibility
Categoriesclick a row to see evidence
Security
OSV.dev7 open18 fixed
CVE-2026-40217low · fixedCVSS 3.1
LiteLLM has a sandbox escape in custom-code guardrail
### Impact The `POST /guardrails/test_custom_code` endpoint runs user-supplied Python inside a hand-rolled sandbox. The sandbox can be escaped using bytecode-level techniques, allowing arbitrary code execution in the proxy process — which runs as root in the default Docker image. **Reaching the endpoint requires a proxy-admin credential** in default configurations. ### Patches Fixed in **`1.83.11`**. The hand-rolled sandbox has been replaced with `RestrictedPython`. Upgrade to `1.83.11` or l
CVE-2026-42271low · fixedCVSS 3.1
LiteLLM: Authenticated command execution via MCP stdio test endpoints
### Impact Two endpoints used to preview an MCP server before saving it — `POST /mcp-rest/test/connection` and `POST /mcp-rest/test/tools/list` — accepted a full server configuration in the request body, including the `command`, `args`, and `env` fields used by the stdio transport. When called with a stdio configuration, the endpoints attempted to connect, which spawned the supplied command as a subprocess on the proxy host with the privileges of the proxy process. The endpoints were gated onl
CVE-2026-42208low · fixedCVSS 3.1
LiteLLM has SQL Injection in Proxy API key verification
### Impact A database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted `Authorization` header to any LLM API route (for example `POST /chat/completions`) and reach this query through the proxy's error-handling path. An attacker could read data from the proxy's database and may be able to modify it, leading to unauthorised access to the proxy an
GHSA-xqmj-j6mv-4862medium · fixedCVSS 4
LiteLLM: Server-Side Template Injection in /prompts/test endpoint
### Impact The `POST /prompts/test` endpoint accepted user-supplied prompt templates and rendered them without sandboxing. A crafted template could run arbitrary code inside the LiteLLM Proxy process. The endpoint only checks that the caller presents a valid proxy API key, so any authenticated user could reach it. Depending on how the proxy is deployed, this could expose secrets in the process environment (such as provider API keys or database credentials) and allow commands to be run on the ho
CVE-2026-42203medium · fixedCVSS 4
LiteLLM: Server-Side Template Injection in /prompts/test endpoint
### Impact The `POST /prompts/test` endpoint accepted user-supplied prompt templates and rendered them without sandboxing. A crafted template could run arbitrary code inside the LiteLLM Proxy process. The endpoint only checks that the caller presents a valid proxy API key, so any authenticated user could reach it. Depending on how the proxy is deployed, this could expose secrets in the process environment (such as provider API keys or database credentials) and allow commands to be run on the ho
Community
Reviews
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
How easy was setup?Did it work reliably?How was the documentation?
Sign in to write a review.
Frequently Asked Questions
- Is Ogham Mcp safe to use?
- Ogham Mcp has 7 known CVEs tracked by MCPpedia. You can verify these on OSV.dev by searching for "skills". Review the Security section above for details before installing.
- How do I install Ogham Mcp?
- Ogham Mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
- What AI clients work with Ogham Mcp?
- Ogham Mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse transport.
- Is Ogham Mcp actively maintained?
- Ogham Mcp is actively maintained — last commit was 14 days ago. It has 104 GitHub stars.
Related
Similar servers
Others in productivity / ai-ml
Memory MCP Server98Persistent memory using a knowledge graph
85.9k 5
Context Mode95Privacy-first. MCP is the protocol for tool access. We're the virtualization layer for context.
15.1k 6
I
io.github.miroapp/mcp-server95Official Miro MCP server - Supports context to code and creating diagrams, docs, and data tables.
104 7
Gemini Cli95An open-source AI agent that brings the power of Gemini directly into your terminal.
104.3k 8
MCP Security Weekly
Get CVE alerts and security updates for Ogham Mcp and similar servers.
Community
Discussion
Start a conversation
Ask a question, share a tip, or report an issue.
Has anyone used this with Cursor?How do you handle auth?Any alternatives?
Sign in to join the discussion.
