metamcp
Health Uyari
- License — License: Apache-2.0
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 5 GitHub stars
Code Basarisiz
- fs module — File system access in package.json
- eval() — Dynamic code execution via eval() in src/__tests__/sandbox.test.ts
- new Function() — Dynamic code execution via Function constructor in src/__tests__/sandbox.test.ts
- fs module — File system access in src/__tests__/sandbox.test.ts
Permissions Gecti
- Permissions — No dangerous permissions requested
This tool acts as an aggregator or proxy for multiple MCP servers. It collapses numerous connected tool schemas into a handful of unified tools, significantly reducing token usage and context window overhead for AI models.
Security Assessment
The overall risk is rated as Medium. The primary concern stems from the use of dynamic code execution via `eval()` and the `new Function()` constructor. However, these security alerts are safely isolated within test files (`sandbox.test.ts`) rather than the core runtime code. Similarly, the detected file system access is appropriately restricted to testing environments. No dangerous base permissions are requested, and no hardcoded secrets were found. The core function of the application involves managing child processes and facilitating network transport between the host and child servers, which is standard for an MCP proxy.
Quality Assessment
The project demonstrates strong development practices for an early-stage tool. It utilizes strict TypeScript, has an active CI pipeline, and is protected by the standard Apache-2.0 license. Activity is high, with the most recent code push occurring today. The only notable drawback is its low community visibility; with only 5 stars on GitHub, it has not yet been widely peer-reviewed or battle-tested by the broader open-source community.
Verdict
Use with caution — the code appears sound and safely architected, but its dynamic execution capabilities and low community adoption warrant close review before deploying in sensitive environments.
MetaMCP collapses N child MCP servers into 4 tools
MetaMCP
MetaMCP connects all your MCP servers through one. Your model sees 6 tools instead of hundreds.
Think of it like a power strip for MCP servers. Plug in as many as you need -- playwright, databases, GitHub, custom tools -- and your LLM talks to one server that handles everything behind the scenes.
┌─── playwright (52 tools)
│
LLM ──► MetaMCP ────────┼─── fetch (3 tools)
(6 tools) │
├─── sqlite (6 tools)
│
└─── ... N more servers
Why MetaMCP?
Every MCP server you add registers its tool schemas with the LLM. Each schema eats context tokens. At 5 servers with 20 tools each, that's ~15,000 tokens spent on schemas alone -- every single request.
MetaMCP collapses all of that into 6 tools (~1,300 tokens). That cost stays constant whether you run 3 servers or 30. Less token overhead, better tool selection accuracy, more room for actual work.
Beyond token savings, MetaMCP handles the things you shouldn't have to think about: connection pooling, process lifecycle, error recovery, schema caching, and transport differences between local and remote servers.
Quick Start
Install and run:
npx @mentu/metamcp # run directly (no install)
npm install -g @mentu/metamcp # or install globally
Auto-configure your editor (Claude Desktop, Claude Code, Cursor, VS Code, Windsurf, and more):
npx @mentu/metamcp init
Add servers from the built-in gallery (122 curated servers):
metamcp add playwright sentry memory postgres # one-click, writes .mcp.json
metamcp add --list # browse all available servers
metamcp add --category search # filter by category
Or create a .mcp.json manually:
{
"mcpServers": {
"playwright": {
"command": "npx",
"args": ["-y", "@playwright/mcp@latest"]
},
"sqlite": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-sqlite", "/path/to/db"]
}
}
}
npx @mentu/metamcp --config .mcp.json
That's it. MetaMCP speaks MCP over stdio -- point any MCP client at it.
Note: MetaMCP optionally uses
better-sqlite3for semantic search. This requires a C++ compiler. If compilation fails, MetaMCP still works with keyword-only search. On macOS:xcode-select --install. On Linux:apt install build-essential.
The Tools
MetaMCP gives the LLM 6 tools: 4 core tools for server management, and 2 advisory tools for skill awareness.
Core Tools
mcp_discover -- Find tools
Search tool catalogs across all connected servers. Without a query, returns server status and tool counts.
{ "query": "screenshot" }
mcp_provision -- Get what you need
Describe a capability and MetaMCP resolves the right server. It searches local catalogs first, then the npm registry for installable servers.
{ "intent": "I need to crawl a website and extract links" }
mcp_call -- Use a tool
Forward a tool call to a specific server. MetaMCP handles connection management and retries on crash.
{ "server": "playwright", "tool": "browser_navigate", "args": { "url": "https://example.com" } }
mcp_execute -- Write code
Run JavaScript in a V8 sandbox with access to all provisioned servers. Compose multi-step workflows, loops, and conditionals in a single call.
{ "code": "const result = await servers.sqlite.call('query', { sql: 'SELECT count(*) FROM users' }); return result;" }
Skill-Aware Tools
Skills are methodology files (SKILL.md) that teach agents how to use MCP servers effectively. MetaMCP can discover skills and check whether their required MCP servers are available.
mcp_skill_discover -- Find skills
Search installed skills with MCP readiness status. Returns matching skills, their required servers, and whether those servers are connected.
{ "query": "browser automation" }
mcp_skill_advise -- Pre-flight check
Check whether a specific skill's dependencies are satisfied before using it.
{ "skill": "playwright" }
Skills live in ~/.claude/skills/ (personal) or .claude/skills/ (project). MetaMCP scans both locations and matches skills to their companion MCP servers via the requires-mcp frontmatter field. See Skills in the docs.
Server Gallery
MetaMCP ships with a curated gallery of 122 MCP servers across developer tools, databases, browser automation, search, security, monitoring, and more.
metamcp add --list # browse all servers
metamcp add playwright sentry neon # add multiple at once
metamcp add --category databases # filter by category
When you add a server that has a companion skill installed, MetaMCP tells you:
Added 2 server(s): playwright, sentry
Companion skills detected:
playwright → skill: playwright
sentry → skill: sentry
These skills teach agents how to use these servers effectively.
See the full gallery at metamcp.org/guides/server-gallery.
Configuration
MetaMCP reads .mcp.json -- the same format used by Claude Desktop and Claude Code.
Local server:
{
"mcpServers": {
"my-server": {
"command": "/usr/local/bin/my-mcp-server",
"args": ["--port", "8080"],
"env": { "API_KEY": "..." }
}
}
}
Remote server (SSE):
{
"mcpServers": {
"remote-tools": {
"url": "https://mcp.example.com/sse",
"transportType": "sse",
"headers": { "Authorization": "Bearer your-token" }
}
}
}
Remote server (HTTP) with OAuth:
{
"mcpServers": {
"cloud-server": {
"url": "https://mcp.example.com/api",
"oauth": true
}
}
}
Server lifecycle:
{
"mcpServers": {
"database": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-sqlite", "/path/to/db"],
"lifecycle": { "mode": "keep-alive", "idleTimeoutMs": 600000 }
},
"one-shot": {
"command": "/usr/local/bin/converter",
"lifecycle": "ephemeral"
}
}
}
Three transport types: stdio (local, default), http (Streamable HTTP), and sse (Server-Sent Events). OAuth triggers a browser flow on first connect, with tokens saved to ~/.metamcp/oauth/.
Lifecycle controls idle behavior: keep-alive servers persist, ephemeral servers tear down immediately after use, and servers without a declaration follow the default pool timeout.
What MetaMCP handles for you
- Connection pool -- bounded pool with LIFO idle eviction. Servers start lazily on first use.
- Circuit breaker -- per-server failure tracking. Errors are classified: auth failures (401/403) never trip the breaker, only transient errors count.
- Schema caching -- tool schemas persist to disk for fast cold starts. Stale caches refresh transparently.
- Config import --
--importdiscovers servers from Cursor, Claude Desktop, Claude Code, VS Code, Windsurf, Codex, and OpenCode. - Hot reload -- MetaMCP watches
.mcp.jsonfor changes. Add servers withmetamcp addand they become available within 2 seconds, no restart needed. - V8 sandbox --
mcp_executeruns in a locked-down context. Noeval, norequire, no network access. - Multi-transport -- stdio, HTTP, and SSE with OAuth. The model doesn't know the difference.
- Skill awareness -- discovers companion skills for MCP servers and checks readiness before invocation.
CLI
| Command | Description |
|---|---|
metamcp |
Start the MetaMCP server (default) |
metamcp init |
Auto-configure MetaMCP in all supported MCP clients |
metamcp add <server> |
Add server(s) from the gallery to .mcp.json |
metamcp add --list |
Browse all available servers |
| Flag | Default | Description |
|---|---|---|
--config <path> |
.mcp.json |
Path to config file |
--max-connections <n> |
20 |
Connection pool max size |
--idle-timeout <ms> |
300000 |
Idle connection timeout |
--failure-threshold <n> |
5 |
Circuit breaker failures before trip |
--cooldown <ms> |
30000 |
Circuit breaker cooldown |
--import |
off | Import configs from installed editors |
Documentation
Full docs at metamcp.org.
Contributing
See CONTRIBUTING.md for development setup and guidelines.
Links
License
Yorumlar (0)
Yorum birakmak icin giris yap.
Yorum birakSonuc bulunamadi