Skillget

proton-pass-community-mcp

mcp
Security Audit
Warn
Health Warn
  • License — License: GPL-3.0
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 5 GitHub stars
Code Warn
  • process.env — Environment variable access in .github/workflows/upstream-pass-cli-watch.yml
  • fs module — File system access in .github/workflows/upstream-pass-cli-watch.yml
Permissions Pass
  • Permissions — No dangerous permissions requested
Purpose
This is an unofficial MCP server that integrates with the Proton Pass CLI, allowing AI agents and MCP clients to manage vaults, search items, and inject secrets via typed tool inputs.

Security Assessment
Because this tool acts as a bridge to a password manager, it inherently handles highly sensitive data, including authentication sessions, vault contents, and secrets. It allows the execution of shell commands and secret injections via the underlying `pass-cli`. The automated code scan did not find any hardcoded secrets or dangerous permission requests. The environment variable and filesystem access warnings are limited to a GitHub Actions workflow file rather than the core application code. Overall risk: Medium.

Quality Assessment
The project is actively maintained, with its most recent push occurring today. It utilizes standard development practices like CI testing, production hygiene workflows, and type validation using Zod. The repository is properly licensed under GPL-3.0. However, community trust and visibility are currently very low, with only 5 GitHub stars and no official affiliation with Proton AG.

Verdict
Use with caution: the code itself is transparent and avoids dangerous permissions, but giving any AI agent access to inject secrets and manage your password vaults carries inherent risks that require strict oversight.
SUMMARY

Unofficial MCP server that integrates with the Proton Pass CLI

README.md

CI
Production Hygiene
NPM Version

proton-pass-community-mcp is an MCP server for Proton Pass, with broad coverage of pass-cli operations.

It is an independent community project. It is not affiliated with or endorsed by Proton AG.

It is designed as a production-ready integration layer:

  • typed tool inputs with zod
  • stdio transport for MCP clients

📌 Current Version of pass-cli used in development: v1.9.0

Available Tools

The server exposes the following MCP tool surface:

Tool Purpose
view_session_info Session/account status from pass-cli info
view_user_info User account details from pass-cli user info
check_status Check user authentication status and CLI version
inject Inject secrets into template files
run Run commands with secret references resolved
list_vaults List vaults
list_shares List shares
list_invites List pending invitations
accept_invite Accept an invitation token
reject_invite Reject an invitation token
view_settings View current Proton Pass CLI settings
list_vault_members List members of a specific vault
update_vault_member Update a vault member role
remove_vault_member Remove a vault member
list_items List vault or share items, omitting contents
search_items Search items by title
view_item View item by URI or selectors
create_vault Create a vault
update_vault Update a vault name
delete_vault Delete a vault
share_vault Share a vault with a user
transfer_vault Transfer vault ownership
create_login_item Create a login item
create_login_item_from_template Create a login item from template payload
create_note_item Create a note item
create_credit_card_item Create a credit card item
create_wifi_item Create a WiFi item
create_custom_item Create a custom item from template payload
create_identity_item Create an identity item from template payload
move_item Move an item between vaults
trash_item Move an item to trash
untrash_item Restore an item from trash
update_item Update an item field set
delete_item Delete an item
download_item_attachment Download an item attachment
list_item_members List members of an item
update_item_member Update an item member role
remove_item_member Remove an item member
create_item_alias Create an alias item
share_item Share an item with a user
generate_item_totp Generate item TOTP codes
generate_random_password Generate a random password
generate_passphrase Generate a passphrase
generate_totp Generate TOTP from secret/URI
score_password Score password strength

Coverage goal: provide comprehensive support for Proton Pass CLI workflows that fit MCP tool semantics.
Intentionally excluded are CLI behaviors that are purely interactive or otherwise not a good fit for reliable MCP tool execution.

The search_items operation is additional functionality that is not provided by the base CLI.

Mutative tools currently require write gate opt-in (ALLOW_WRITE=1) and explicit per-call confirmation (confirm: true).

Proposed protocol-aligned confirmation policy (elicitation-first with fail-closed fallback) is documented in docs/TOOL_SCHEMA_PLAN.md.

Available Resources

The server also exposes static MCP resources for item-create template snapshots:

  • pass://templates/item-create (catalog/index)
  • pass://templates/item-create/login
  • pass://templates/item-create/note
  • pass://templates/item-create/credit-card
  • pass://templates/item-create/wifi
  • pass://templates/item-create/custom
  • pass://templates/item-create/identity

Snapshot artifact source:

These template resources are example well-formed payloads from pass-cli --get-template, not authoritative validation schemas.

Item Discovery Contract

list_items and search_items return token-efficient results. These operations do not contain the full contents or secrets of any items, thus preventing unnecessary leakage of sensitive data from the CLI to the host application or the LLM.

list_items and search_items both support MCP pagination:

  • Input fields:
    • pageSize (optional, 1..250, default 100 for JSON output)
    • cursor (optional non-negative integer string offset, for example "100")
  • Behavior:
    • Response includes items, pageSize, cursor, returned, total, and nextCursor.
    • Use nextCursor in a follow-up call to fetch the next page.

list_items also forwards filterType, filterState, and sortBy to pass-cli item list.

search_items semantics:

  • title-only search (field: "title")
  • matching modes: contains, prefix, exact
  • optional caseSensitive

Requirements

[!NOTE]
Currently, the server expects the user to handle authentication. If it's not able to authenticate, it will simply prompt the user to authenticate using one of the pass-cli methods.

  • Node.js 24 (.nvmrc)
  • pass-cli installed and authenticated
  • MCP client capable of stdio transport

Run Locally

npm ci
npm run build
npm run dev

Install and Run via npm/npx

Install from npm or run directly with npx:

npm install --global proton-pass-community-mcp
proton-pass-community-mcp --allow-version-drift

or:

npx -y proton-pass-community-mcp --allow-version-drift

Release operations for maintainers are documented in docs/DEPLOYMENT.md.

Anonymized Demo Shell (Docker)

Use this when recording demos and you want a neutral workspace path in tooling metadata:

npm run demo:shell

This launches a container with the project mounted at /workspace/project.

To run a single command instead of an interactive shell:

npm run demo:shell -- npm run check

Notes:

  • Shell prompt aliases/PS1 tweaks only change terminal display; they do not change real working-directory metadata emitted by tools.
  • For true path anonymization in logs, run the host/tooling process from inside this containerized workspace.

MCP Client Configuration

Example MCP server config using npx package execution:

{
  "mcpServers": {
    "proton-pass-community-mcp": {
      "command": "npx",
      "args": ["-y", "proton-pass-community-mcp", "--allow-version-drift"]
    }
  }
}

If you are developing locally from source, use a direct local build path:

Example MCP server config using command-line args:

{
  "mcpServers": {
    "proton-pass-community-mcp": {
      "command": "node",
      "args": ["/absolute/path/to/proton-pass-community-mcp/dist/index.js", "--allow-version-drift"]
    }
  }
}

Example MCP server config using environment overrides:

{
  "mcpServers": {
    "proton-pass": {
      "command": "node",
      "args": ["/absolute/path/to/proton-pass-community-mcp/dist/index.js"],
      "env": {
        "PASS_CLI_BIN": "pass-cli",
        "PASS_CLI_ALLOW_VERSION_DRIFT": "true"
      }
    }
  }
}

Authentication Model

  1. Authentication is user-managed outside MCP with pass-cli login.
  2. On auth failure, tools return standardized AUTH_* errors and a retry instruction.
  3. The MCP server does not collect credentials, OTP codes, or private keys.
  4. Use check_status once as a session preflight (not per tool call); rely on AUTH_* fallback errors if the session later expires.
  5. check_status compares your local CLI version against the development baseline and reports a version assessment for LLMs:
    • equal: exact semver match
    • compatible: semver differs but appears compatible by policy
    • possibly_incompatible: semver indicates potential drift, or version parsing/execution prevented a strict comparison
  6. Version assessments are advisory. check_status is marked as an MCP error only when connectivity/authentication fails.
  7. There is no MCP-specific API token auth layer in this server. Authentication methods are those supported by pass-cli in the server process environment.

Test Account Workflow

For disposable test-account usage in local development and CI (including account preflight checks and session isolation), see docs/testing/TEST_ACCOUNT_WORKFLOW.md.

Startup Flags

  • --allow-version-drift: treat semver mismatch/version-parse uncertainty as compatible for check_status

Equivalent environment variable:

  • PASS_CLI_ALLOW_VERSION_DRIFT=true|false (accepted truthy values: true, 1, yes, on; falsy: false, 0, no, off)
  • If both are set, the CLI flag takes precedence.

Example:

npm run dev -- --allow-version-drift

Notes

  • This is not an official Proton project.
  • This project currently targets Proton Pass via pass-cli only.
  • See ROADMAP.md for planned features.
  • In addition to the MCP server, there is an agent skill file that is intended to be integrated with this MCP - however, it is currently only a draft.
  • Developer runtime configuration and validation workflows are documented in CONTRIBUTING.md.
  • Disposable account setup and contributor/CI guidance are documented in docs/testing/TEST_ACCOUNT_WORKFLOW.md.
  • See CONTRIBUTING.md if you're interested in contributing to this project. Contributors are welcome.

LICENSE

GPL-3 © 2026 Really Him

Reviews (0)

No results found