Is Qb Auto safe to use?

Qb Auto has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Qb Auto?

Qb Auto supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with Qb Auto?

Qb Auto is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse transport.

Is Qb Auto actively maintained?

Qb Auto is actively maintained — last commit was 1 day ago. It has 38 GitHub stars.

Qb Auto

Name: Qb Auto
Author: Scottcjn

mcp · by Scottcjn

QuickBooks Online MCP server for Claude Code — 8 automation tools replacing 50K-token snapshots with ~200-token targeted extraction

38 0 tools GitHub PyPI

No known CVEs

No license

Actively maintained

Last commit 1d ago

Works with most clients

Transport: stdio, sse

0 tools

Grade F

Edit this pageView history

Finance

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "quickbooks": {
      "args": [
        "/path/to/qb-auto/server.py"
      ],
      "type": "stdio",
      "command": "python3"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/qb-auto)](https://mcppedia.org/s/qb-auto)

Read me

What Qb Auto does

MCP (Model Context Protocol) server that gives Claude Code native tools for QuickBooks Online automation.

Test This Server

This server supports HTTP transport. Be the first to test it — help the community know if it works.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

52/100across 5 weighted dimensions

How we score →

0255075100

−48

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

3 fixed

CVE-2025-66416medium · fixedCVSS 4

Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default

### Description The Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication using `FastMCP` with streamable HTTP or SSE transport, and has not configured `TransportSecuritySettings`, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions and send requests to the local MCP server. This could allow an attacker to invoke tools or ac

Affected: >= 0Fixed in 1.23.0source →

CVE-2025-53366medium · fixedCVSS 4

MCP Python SDK vulnerability in the FastMCP Server causes validation error, leading to DoS

A validation error in the MCP SDK can cause an unhandled exception when processing malformed requests, resulting in service unavailability (500 errors) until manually restarted. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures. Thank you to Rich Harang for reporting this issue.

Affected: >= 0Fixed in 1.9.4source →

CVE-2025-53365medium · fixedCVSS 4

MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service

If a client deliberately triggers an exception after establishing a streamable HTTP session, this can lead to an uncaught ClosedResourceError on the server side, causing the server to crash and requiring a restart to restore service. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures. Thank you to Rich Harang for reporting this issue.

Affected: >= 0Fixed in 1.10.0source →

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Qb Auto safe to use?: Qb Auto has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Qb Auto?: Qb Auto supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Qb Auto?: Qb Auto is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse transport.
Is Qb Auto actively maintained?: Qb Auto is actively maintained — last commit was 1 day ago. It has 38 GitHub stars.

Similar servers

Others in finance

View all →

Alpha Vantage Mcp93

Real-time financial market data: stocks, forex, crypto, commodities, and economic indicators

150 3

Spreedly Mcp92

A Model Context Protocol (MCP) server that provides AI assistants with direct access to the Spreedly payments API. Enables LLMs to manage gateways, process transactions, tokenize payment methods, and more, through structured, validated tool calls.

9 8

io.github.rezmeplxrf/insightsentry_mcp91

MCP server for InsightSentry financial data API - market data, options, screeners, and more

io.github.xkumakichi/xaip-mcp-server90

AI agents get on-chain identity, credentials, reputation, escrow, and persistent memory on XRPL.

MCP Security Weekly

Get CVE alerts and security updates for Qb Auto and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Finance

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "quickbooks": {
      "args": [
        "/path/to/qb-auto/server.py"
      ],
      "type": "stdio",
      "command": "python3"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/qb-auto)](https://mcppedia.org/s/qb-auto)

Read me

What Qb Auto does

MCP (Model Context Protocol) server that gives Claude Code native tools for QuickBooks Online automation.

Test This Server

This server supports HTTP transport. Be the first to test it — help the community know if it works.

README

qb-auto — QuickBooks MCP Server

MCP (Model Context Protocol) server that gives Claude Code native tools for QuickBooks Online automation.

Replaces 50K-token browser_snapshot round-trips with targeted DOM extraction (~200-500 tokens) and compound Playwright actions that complete entire workflows in one tool call.

Tools

Tool	Description
`qb_page_state`	Check current page/dialog state (~50 tokens)
`qb_list_invoices`	List all visible invoices with optional customer filter
`qb_invoice_state`	Inspect an open invoice form (line items, totals)
`qb_receive_payment`	Record a payment (navigate → fill → save → confirm)
`qb_create_invoice`	Create a new invoice with line items
`qb_delete_line_item`	Delete a line from an existing invoice
`qb_edit_payment_amount`	Edit an existing payment amount
`qb_batch_receive_payments`	Record multiple payments in sequence
`qb_report`	Run any QBO report (30+ report types) with date range options
`qb_report_pnl`	Profit & Loss (income statement)
`qb_report_balance_sheet`	Balance Sheet (assets, liabilities, equity)
`qb_report_ar_aging`	A/R Aging Summary (who owes, how overdue)
`qb_report_customer_balance`	Customer Balance Summary
`qb_report_open_invoices`	Open (unpaid) Invoices
`qb_report_vendor_balance`	Vendor Balance Summary

Token Savings

Workflow	Before (snapshots)	After (MCP)	Savings
Receive Payment	~290K tokens	~13K tokens	95%
Create Invoice	~350K tokens	~18K tokens	95%
Full session (5 ops)	~500K tokens	~45K tokens	91%

Setup

Prerequisites

Python 3.10+
mcp and playwright packages
Chrome running with remote debugging: google-chrome --remote-debugging-port=9222

Install

pip install mcp playwright
playwright install chromium

Register with Claude Code

Add to ~/.mcp.json:

{
  "mcpServers": {
    "quickbooks": {
      "type": "stdio",
      "command": "python3",
      "args": ["/path/to/qb-auto/server.py"]
    }
  }
}

Configuration

The server connects to Chrome via CDP (Chrome DevTools Protocol) on port 9222 by default. Set the CDP_PORT variable in server.py if using a different port.

Architecture

Extractors: JavaScript functions injected via page.evaluate() that return compact JSON from QB's DOM using ARIA selectors
Actions: Complete Playwright workflows using getByRole() and getByLabel() — ARIA-stable selectors that survive QB page reloads
Playbook: PLAYBOOK.md contains the full reference for manual use with browser_evaluate/browser_run_code

Files

File	Purpose
`server.py`	MCP server with 15 tools
`extractors.js`	Standalone JS extractor functions (reference)
`actions.js`	Playwright action templates (reference)
`PLAYBOOK.md`	Quick reference for manual browser automation

How It Works

Claude calls qb_receive_payment(invoice_num="6865", amount="22500", method="ACH")
Server connects to your Chrome browser via CDP
Navigates to QB invoices, finds the invoice, opens payment dialog
Fills method, amount, saves, handles confirmations
Returns compact JSON result (~200 tokens)

No browser snapshots. No 50K token pages. One tool call = one complete operation.

License

MIT

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

52/100across 5 weighted dimensions

How we score →

0255075100

−48

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

3 fixed

CVE-2025-66416medium · fixedCVSS 4

Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default

Affected: >= 0Fixed in 1.23.0source →

CVE-2025-53366medium · fixedCVSS 4

MCP Python SDK vulnerability in the FastMCP Server causes validation error, leading to DoS

Affected: >= 0Fixed in 1.9.4source →

CVE-2025-53365medium · fixedCVSS 4

MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to Denial of Service

Affected: >= 0Fixed in 1.10.0source →

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Qb Auto safe to use?: Qb Auto has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Qb Auto?: Qb Auto supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Qb Auto?: Qb Auto is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse transport.
Is Qb Auto actively maintained?: Qb Auto is actively maintained — last commit was 1 day ago. It has 38 GitHub stars.