svelte-llm-mcp
skill
Warn
Health Pass
- License — License: MIT
- Description — Repository has a description
- Active repo — Last push 90 days ago
- Community trust — 159 GitHub stars
Code Warn
- process.env — Environment variable access in scripts/clear-db.js
Permissions Pass
- Permissions — No dangerous permissions requested
Purpose
This tool provides Svelte 5 and SvelteKit developer documentation via a Model Context Protocol (MCP) endpoint, allowing AI assistants to access up-to-date framework references directly.
Security Assessment
The tool primarily serves static documentation, which is a low-risk activity. However, there are a few important security caveats. The rule-based scan flagged environment variable access in a script (`scripts/clear-db.js`), which is expected given the project's dependency on a PostgreSQL database and a GitHub token. While the database credentials in the README example (`postgres://admin:admin`) are safe local defaults, the setup instructions explicitly guide users to disable TLS verification (`NODE_TLS_REJECT_UNAUTHORIZED=0`) and bypass HTTP parsing security for debugging. This is a significant but voluntary risk, as it is confined to local development and debugging. No dangerous permissions are requested by the package itself, and there are no hardcoded API secrets in the codebase. Overall risk: Low (assuming standard local usage).
Quality Assessment
The project is in good standing. It is actively maintained (last pushed to 81 days ago) and has garnered a solid amount of community trust with 159 GitHub stars. It uses the permissive MIT license and includes a clear description and setup instructions.
Verdict
Safe to use.
This tool provides Svelte 5 and SvelteKit developer documentation via a Model Context Protocol (MCP) endpoint, allowing AI assistants to access up-to-date framework references directly.
Security Assessment
The tool primarily serves static documentation, which is a low-risk activity. However, there are a few important security caveats. The rule-based scan flagged environment variable access in a script (`scripts/clear-db.js`), which is expected given the project's dependency on a PostgreSQL database and a GitHub token. While the database credentials in the README example (`postgres://admin:admin`) are safe local defaults, the setup instructions explicitly guide users to disable TLS verification (`NODE_TLS_REJECT_UNAUTHORIZED=0`) and bypass HTTP parsing security for debugging. This is a significant but voluntary risk, as it is confined to local development and debugging. No dangerous permissions are requested by the package itself, and there are no hardcoded API secrets in the codebase. Overall risk: Low (assuming standard local usage).
Quality Assessment
The project is in good standing. It is actively maintained (last pushed to 81 days ago) and has garnered a solid amount of community trust with 159 GitHub stars. It uses the permissive MIT license and includes a clear description and setup instructions.
Verdict
Safe to use.
Svelte developer documentation as an MCP and in llms.txt format
README.md
svelte-llm
LLM presets and MCP for Svelte 5 and SvelteKit. Visit the site at svelte-llm.stanislav.garden.
MCP Endpoint
This service provides an MCP (Model Context Protocol) endpoint for use with AI assistants:
- Streamable HTTP (Claude Desktop and most other clients):
https://svelte-llm.stanislav.garden/mcp/mcp - SSE (Older clients that don't support Streamable):
https://svelte-llm.stanislav.garden/mcp/sse
Setup
- Create a
.envfile with the content:GITHUB_TOKEN= DB_URL=postgres://admin:admin@localhost:5432/db - Create a Classic GitHub token. It must have
public_repopermissions. - Enter this in the .env file.
- Run
docker-compose up - Run:
nvm use
npm i
npm run dev
- Run database migrations: visit http://localhost:5173/api/migrate in your browser after starting the dev server.
You can also visit http://localhost:5173/admin to see all the "hidden" endpoints (default password = "secret")
Debug MCP
NODE_TLS_REJECT_UNAUTHORIZED=0 NODE_OPTIONS="--insecure-http-parser" npx @modelcontextprotocol/inspector
You can also use GitHub Copilot in Agent mode to try the agent locally, see .vscode/mcp.json for info on how that works.
Misc
OG image from https://dynamic-og-image-generator.vercel.app/
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found