Is Signal Mcp Server safe to use?

Signal Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Signal Mcp Server?

Signal Mcp Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with Signal Mcp Server?

Signal Mcp Server is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio and sse and http transport.

Is Signal Mcp Server actively maintained?

Signal Mcp Server is less actively maintained — last commit was 250 days ago. It has 6 GitHub stars.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/signal-mcp-server)](https://mcppedia.org/s/signal-mcp-server)

✓

Is it safe?

No known CVEs for uv. 3 previously resolved.

No authentication — any process on your machine can connect.

License not specified.

Is it maintained?

Last commit 250 days ago. 6 stars.

Will it work with my client?

Transport: stdio, sse, http. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'uv' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

MCPpedia Score

Click each category to see evidence

44C

Last scored 1h ago

How we score →

✓

Known CVEs — No known CVEs for uvcheck OSV.dev

○

Tool safety — No tools to analyze

○

Tool poisoning — No tools to analyze

○

Injection vectors — No tools to analyze

✓

Tool stability — Tool definitions stable

○

Dependency health — found on deps.dev, recently updated

✗

License — No license specified

○

Authentication — No authentication required

○

Repository — active repo

Advisories (0 open, 3 fixed)

mediumCVSS 4CVE-2025-13327Fixed

uv allows ZIP payload obfuscation through parsing differentials

### Impact In versions 0.9.5 and earlier of uv, ZIP archives were handled in a manner that enabled two parsing differentials against other components of the Python packaging ecosystem: 1. Central directory entries in a ZIP archive can contain comment fields. However, uv would assume that these fields were not present, since they aren't widely used. Consequently, a ZIP archive could be constructed where uv would interpret the contents of a central directory comment field as ZIP control structur

Affected: >= 0Fixed in 0.9.6Published Oct 29, 2025source \u2192

infoGHSA-w476-p2h3-79g9Fixed

uv has differential in tar extraction with PAX headers

### Impact In versions 0.9.4 and earlier of uv, tar archives containing PAX headers with file size overrides were not handled properly. As a result, an attacker could contrive a source distribution (as a tar archive) that would extract differently when installed via uv versus other Python package installers. The underlying parsing differential here originates with astral-tokio-tar, which disclosed this vulnerability as CVE-2025-62518. In practice, the impact of this vulnerability is **low**:

Affected: >= 0Fixed in 0.9.5Published Oct 21, 2025source \u2192

mediumCVSS 4CVE-2025-54368Fixed

uv allows ZIP payload obfuscation through parsing differentials

## Impact In versions 0.8.5 and earlier of uv, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. This enabled two parser differentials against other Python package installers: 1. An attacker could contrive a ZIP archive that would extract with legitimate contents on some package installers, and malicious contents on others due to multiple local file entries. The attacker could choose which installer to target

Affected: >= 0Fixed in 0.8.6Published Aug 7, 2025source \u2192

CVEs checked daily via OSV.dev. Score algorithm is open source.

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

MCP Security Weekly

Get CVE alerts and security updates for Signal Mcp Server and similar servers.

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

📱 signal-mcp-server

MCP Server for retrieving Signal messages using signal-export logic.

🎯 Overview

This MCP server enables AI agents and tools to access Signal Desktop chat messages and attachments via the Model Context Protocol (MCP).

🛠️ Features

Retrieve Signal messages from your local Signal Desktop database
List all Signal chats with contact details and message counts
Filter messages by chat/contact name
Paginate through message history with offset and limit
Support for multiple operating systems (Windows, macOS, Linux)
Handle encrypted Signal databases

📋 Prerequisites

Python 3.13 or higher
UV package manager
Signal Desktop installed with existing message database
Node.js and npm (for MCP inspector tools)
Windows, macOS, or Linux operating system

1. Signal Desktop

Official Download Page:
https://signal.org/download/
Direct Download Links:

Note: Signal Desktop requires Signal to be installed on your phone for initial setup.

2. Python

Official Download Page:
https://www.python.org/downloads/
Direct Download for Python 3.13.5:
Python 3.13.5 Release Page
Download the installer for your OS (Windows, macOS, Linux) and follow the setup instructions.

3. UV (Python Package Manager)

Official Documentation & Source:
https://github.com/astral-sh/uv
UV Documentation
Installation (Windows):
```
irm https://astral.sh/uv/install.ps1 | iex
```
Or, using pip (if you already have Python and pip installed):
```
pip install uv
```

Installation (macOS/Linux):

curl -LsSf https://astral.sh/uv/install.sh | sh

More Info:
UV Installation Guide

4. Claude Desktop

Official Download Page:
https://claude.ai/download
Download the installer for your OS (Windows, macOS) and follow the setup instructions.

🚀 Installation Signal MCP Server

Clone the repository:

git clone https://github.com/stefanstranger/signal-mcp-server.git
cd signal-mcp-server

Create a virtual environment:
```
uv venv .venv --python 3.13
```
Activate the virtual environment:
- Windows PowerShell:
```
.\.venv\Scripts\Activate.ps1
```
- macOS/Linux:
```
source .venv/bin/activate
```
Install dependencies:
```
uv pip install fastmcp signal-export
```

⚙️ Configuration

🔧 Claude Desktop Setup

Usage with Claude Desktop Add the following to your claude_desktop_config.json file:

{
  "mcpServers": {
    "signal-mcp-server": {
         "type": "stdio",
         "command": "uv",
         "args": [
            "run",
            "--with",
            "mcp[cli]",
            "--with",
            "signal-export",
            "mcp",
            "run",
            "C:\\Github\\signal-mcp-server\\server.py"
         ]
    }
  }
}

Signal Data Directory

The server automatically detects your Signal data directory based on your operating system:

Windows: %APPDATA%\Signal
macOS: ~/Library/Application Support/Signal
Linux: ~/.config/Signal (or Flatpak: ~/.var/app/org.signal.Signal/config/Signal)

Encryption

If your Signal database is encrypted, you may need to provide:

password: Database password (if set)
key: Encryption key (if required)

🏃 Running the Server

Start MCP Server

uv run .\server.py

Inspect

... View full README on GitHub

Signal Mcp Server

Quick Install

Should you use this server?

Test This Server

Score Breakdown

MCPpedia Score

Security

Help improve this page

Advisories (0 open, 3 fixed)

Reviews

Frequently Asked Questions

Similar servers

Memory MCP Server

Context Mode

Idea Reality MCP Server

Browser Tools Mcp

Discussion