📦 Repomix is a powerful tool that packs your entire repository into a single, AI-friendly file. Perfect for when you need to feed your codebase to Large Language Models (LLMs) or other AI tools like Claude, ChatGPT, DeepSeek, Perplexity, Gemini, Gemma, Llama, Grok, and more.
Config is the same across clients; only the file and path differ.
{
  "mcpServers": {
    "repomix-docker": {
      "args": [
        "run",
        "-i",
        "--rm",
        "ghcr.io/yamadashy/repomix",
        "--mcp"
      ],
      "command": "docker"
    }
  }
}
Available for MacOS, Linux, & Windows
This server supports HTTP transport.
repomix: attach_packed_output can bypass file-read secret scanning for supported local files
# `attach_packed_output` can register arbitrary `.json/.txt/.md/.xml` files and bypass the MCP file-read safety check

## Summary

Repomix's MCP server exposes a normal `file_system_read_file` tool that reads absolute paths only after running the project's secret check. However, the `attach_packed_output` plus `read_repomix_output` flow can read arbitrary local `.json`, `.txt`, `.md`, or `.xml` files without the same safety check and without verifying that the file is actually a Repomix packed o
repomix Vulnerable to Command Injection (RCE) via `--remote-branch` Argument Injection
### Vulnerability Metadata

| Field | Detail |
| --- | --- |
| **Affected Component** | `src/core/git/gitCommand.ts` (`execGitShallowClone`) |
| **Impact** | Arbitrary Command Execution / Security Control Bypass |

### Summary

The `--remote-branch` CLI option in `repomix` is vulnerable to argument injection. User-supplied input is passed directly to `git fetch` and `git checkout` subprocesses via `child_process.execFileAsync` without sanitization, `--` delimiters, or validation. An attacker ca
Use Repomix online! 👉 repomix.com
Need discussion? Join us on Discord!
Share your experience and tips
Stay updated on new features
Get help with configuration and usage