Is Scrumboy safe to use?

Scrumboy has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Scrumboy?

Scrumboy supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What can Scrumboy do?

Scrumboy provides 1 tool: projects.list. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Scrumboy?

Scrumboy is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Is Scrumboy actively maintained?

Scrumboy is actively maintained — last commit was 14 days ago. It has 309 GitHub stars.

Scrumboy

Name: Scrumboy
Author: markrai

tsc · by markrai

a self-hosted project management & Kanban solution + Instant shareable boards

309 721.7k/wk 1 tool GitHub npm

No known CVEs

No license

Actively maintained

Last commit 14d ago

Works with most clients

Transport: stdio

1 tool · ~35 tok

Grade A · 0.0% of 200K ctx

Edit this pageView history

Productivity

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "scrumboy": {
      "args": [
        "-y",
        "tsc"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/scrumboy)](https://mcppedia.org/s/scrumboy)

Read me

What Scrumboy does

No .env file, TLS certificates, or encryption key are required to start the app.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y 'tsc' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

93/100across 5 weighted dimensions

How we score →

0255075100

−7

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked tsc against OSV.dev.

Inventory

Tools (1)

Click any tool to inspect its schema.

~35 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Scrumboy safe to use?: Scrumboy has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Scrumboy?: Scrumboy supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Scrumboy do?: Scrumboy provides 1 tool: projects.list. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Scrumboy?: Scrumboy is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is Scrumboy actively maintained?: Scrumboy is actively maintained — last commit was 14 days ago. It has 309 GitHub stars.

Similar servers

Others in productivity

View all →

Memory MCP Server98

Persistent memory using a knowledge graph

86.4k 5

Sequential Thinking MCP Server98

Dynamic problem-solving through sequential thought chains

86.4k 1

Qmd95

mini cli search engine for your docs, knowledge bases, meeting notes, whatever. Tracking current sota approaches while being all local

25.8k 4

io.github.miroapp/mcp-server95

Official Miro MCP server - Supports context to code and creating diagrams, docs, and data tables.

111 7

MCP Security Weekly

Get CVE alerts and security updates for Scrumboy and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Productivity

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "scrumboy": {
      "args": [
        "-y",
        "tsc"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/scrumboy)](https://mcppedia.org/s/scrumboy)

Read me

What Scrumboy does

No .env file, TLS certificates, or encryption key are required to start the app.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y 'tsc' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

Self-hosted project management & issue-tracking solution + instant shareable & customizable boards + realtime collaboration, automation, API access and MCP-compatible client support

Quick Start
- Run with Docker
- Run from source
Optional Configuration
Why Scrumboy?
Who is this for?
Modes
Features
Integrations & API Access
- MCP (JSON-RPC) for AI agents
- Webhooks (outbound HTTP)
Config
Roles
- System roles (instance-wide)
- Project roles (per project)
Export scope
Import modes
Code layout (reference)
Documentation
License and Contributions

Quick Start

Runs in seconds. No setup required.

No .env file, TLS certificates, or encryption key are required to start the app.

Run with Docker

docker compose up --build

Open http://localhost:8080.

Run from source

go run ./cmd/scrumboy

Open http://localhost:8080.

Optional Configuration

Environment variables

The app does not automatically load .env files.
On Linux/macOS, export variables manually (for example: export SCRUMBOY_ENCRYPTION_KEY=...).
On Windows, win_run_full.bat and win_run_anonymous.bat manage data/scrumboy.env automatically for local convenience.
Precedence on Windows is: existing process env var SCRUMBOY_ENCRYPTION_KEY, then data/scrumboy.env, then legacy root scrumboy.env.
The canonical Windows-managed local file format is SCRUMBOY_ENCRYPTION_KEY=<base64-32-byte-key>.
Windows helper scripts still accept legacy raw single-line key files for backward compatibility.

Encryption key for 2FA/password reset

SCRUMBOY_ENCRYPTION_KEY is not required for basic startup.
It becomes required for encrypted auth/security features, including:
- 2FA
- Password reset flows
If an existing database already has 2FA-enabled users, startup fails without this key.
The key is part of the same backup/restore unit as data/app.db. Back them up together.
Do not regenerate or replace the key casually after encrypted auth/security data exists, or you can break access to 2FA/password-reset data.

Generate a key with: openssl rand -base64 32

Example for Docker Compose secret injection:

services:
  scrumboy:
    environment:
      - SCRUMBOY_ENCRYPTION_KEY=${SCRUMBOY_ENCRYPTION_KEY}

Example for systemd secret injection:

[Service]
Environment="SCRUMBOY_ENCRYPTION_KEY=REPLACE_WITH_BASE64_32_BYTE_KEY"

In both cases, the deployment manager is injecting the environment variable. Scrumboy itself does not auto-load these files.

OIDC / SSO login (optional)

Scrumboy supports OpenID Connect for single sign-on with any standards-compliant provider (Keycloak, Authentik, Auth0, Entra ID, etc.). OIDC is enabled by settin

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

93/100across 5 weighted dimensions

How we score →

0255075100

−7

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

Checked tsc against OSV.dev.

Inventory

Tools (1)

Click any tool to inspect its schema.

~35 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Scrumboy safe to use?: Scrumboy has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Scrumboy?: Scrumboy supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Scrumboy do?: Scrumboy provides 1 tool: projects.list. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Scrumboy?: Scrumboy is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is Scrumboy actively maintained?: Scrumboy is actively maintained — last commit was 14 days ago. It has 309 GitHub stars.

Similar servers

Others in productivity

View all →

Memory MCP Server98

Persistent memory using a knowledge graph

86.4k 5

Sequential Thinking MCP Server98

Dynamic problem-solving through sequential thought chains

86.4k 1

Qmd95

mini cli search engine for your docs, knowledge bases, meeting notes, whatever. Tracking current sota approaches while being all local

25.8k 4

io.github.miroapp/mcp-server95

Official Miro MCP server - Supports context to code and creating diagrams, docs, and data tables.

111 7

MCP Security Weekly

Get CVE alerts and security updates for Scrumboy and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Scrumboy

Install in your client

What Scrumboy does

Test This Server

Why this score

93/100across 5 weighted dimensions

Security

Tools (1)

Reviews

Frequently Asked Questions

Similar servers

Discussion

Scrumboy

Install in your client

What Scrumboy does

Test This Server

Self-hosted project management & issue-tracking solution + instant shareable & customizable boards + realtime collaboration, automation, API access and MCP-compatible client support

Table of contents

Quick Start

Run with Docker

Run from source

Optional Configuration

Environment variables

Encryption key for 2FA/password reset

OIDC / SSO login (optional)

Why this score

93/100across 5 weighted dimensions

Security

Tools (1)

Reviews

Frequently Asked Questions

Similar servers

Discussion

Self-hosted project management & issue-tracking solution + instant shareable & customizable boards + realtime collaboration, automation, API access and MCP-compatible client support

Table of contents

Quick Start

Run with Docker

Run from source

Optional Configuration

Environment variables

Encryption key for 2FA/password reset

OIDC / SSO login (optional)