Skillget

1mcp.in

mcp
Security Audit
Fail
Health Warn
  • License — License: Apache-2.0
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 8 GitHub stars
Code Fail
  • rm -rf — Recursive force deletion command in scripts/install.sh
Permissions Pass
  • Permissions — No dangerous permissions requested
Purpose
This tool acts as a local central router for MCP (Model Context Protocol) servers. It allows developers to configure MCP integrations once and route them across multiple AI coding assistants, replacing scattered configuration files and duplicated credentials with a single hub.

Security Assessment
This tool inherently manages highly sensitive data, including API tokens and environment variables. It operates by modifying local client configuration files to take over AI tool routing, which requires modifying local system files and running continuous background processes. While the documentation claims robust protections (manifest pinning, PII redaction, and Docker sandboxing), the automated scan flagged a recursive force deletion command (`rm -rf`) within the installation script. This is a common pattern in installers but demands caution. No hardcoded secrets were found in the static scan, and no explicitly dangerous OS-level permissions are requested. However, piping remote web scripts directly to the shell (`curl | sh`) to execute it requires careful manual review before running. Overall risk is rated as Medium.

Quality Assessment
The project is licensed under the permissive Apache-2.0 license and appears to be actively maintained, with repository updates pushed as recently as today. However, community adoption is currently very low, sitting at only 8 GitHub stars. Because the codebase is young and has not been widely peer-reviewed by the open-source community, undiscovered vulnerabilities may exist.

Verdict
Use with caution: the concept is highly useful and actively maintained, but the combination of low community visibility, sensitive credential access, and aggressive installation scripts means you should audit the installation script and configuration backups before integrating it into your workflow.
SUMMARY

One local router that makes every approved MCP server available inside VS Code, Cursor, Claude Desktop, Claude Code, Windsurf, and other AI clients.

README.md

1mcp — One router for all your AI tools

Install MCP servers once, connect every AI client. No duplicated configs, no scattered credentials.

1mcp Hub UI demo

CI
License
Release

Install

curl -fsSL https://install.1mcp.in | sh   # macOS/Linux
irm https://install.1mcp.in/windows | iex  # Windows

mach1ctl start                 # launch router + Hub UI
mach1ctl install github        # install GitHub MCP
mach1ctl connect cursor        # connect Cursor (replaces direct MCPs)
mach1ctl doctor                # verify everything works

Why this exists

Every AI client (Cursor, VS Code, Claude Desktop, Claude Code, Windsurf, Codex) needs its own MCP config file. If you use GitHub, Slack, Linear, Notion, and Postgres MCPs with 4 clients, you configure 20 entries and paste credentials 20 times.

1mcp replaces all of them with one router process and one Hub UI. Install each MCP once, connect every client with one command. When mach1 connects to a client, it takes over the MCP config — removing all direct entries so the AI client has no choice but to route every tool call through mach1. Your original config is backed up and restored when you disconnect.

Quick start

mach1ctl install github
mach1ctl env set github GITHUB_TOKEN=ghp_...
mach1ctl connect cursor        # replaces all cursor MCPs with mach1
mach1ctl connect claude        # replaces all claude MCPs with mach1

One install. One credential entry. Every client uses github__list_pull_requests, github__create_issue, etc.

To undo:

mach1ctl disconnect cursor     # restores your original MCP config

Supported clients

Client Connect Status
VS Code / GitHub Copilot mach1ctl connect vscode ✅ Supported
Cursor mach1ctl connect cursor ✅ Supported
Claude Desktop mach1ctl connect claude ✅ Supported
Claude Code mach1ctl connect claudecode ✅ Supported
Windsurf mach1ctl connect windsurf ✅ Supported
Codex mach1ctl connect codex ✅ Supported
OpenCode mach1ctl connect opencode ✅ Supported

Security model

Layer What 1mcp does
Tool integrity SHA256 of every tool manifest is pinned on install. Changes require re-approval.
Supply chain Every marketplace entry has a maintainer-signed SHA256 digest. Install fails on mismatch.
PII scrubbing Emails, phones, credit cards, API keys, tokens redacted before logs/UI output.
Process sandbox Docker MCPs capped at 1 CPU, 512MB RAM, read-only fs, no network unless granted.
Credential storage Secrets stored locally in OSS version, never logged. Team Pro uses AES-256-GCM vault.
Catalog signing Community entries reviewed and signed by maintainers. No auto-approval.

Marketplace

The catalog at packages/registry-index/index.json has 50+ MCPs with trust labels:

  • anthropic-official — from the Anthropic MCP catalog
  • 1mcp.in-verified — reviewed and tested by maintainers
  • community — submitted via PR, signed only after human review

To add an MCP to the marketplace, see CONTRIBUTING_MCP.md.

Team Pro

Shared MCP configuration across your team, credential vaulting, admin approval gates, activity logs, custom agents, and usage dashboards. 5-50 seats at ₹1,999/seat/month.

1mcp.in/team — waitlist open.

Comparison

Capability 1mcp Raw client configs Enterprise gateways
Local-first Usually ❌
One config for many clients Sometimes
Hub UI
Tool change review Sometimes
Signed catalog installs Sometimes
Local credential storage Manual Usually centralized
Lazy MCP startup Depends
One-command connect

From source

git clone https://github.com/SaiAvinashPatoju/1mcp.in.git
cd 1mcp.in

# Windows
powershell -ExecutionPolicy Bypass -File scripts\build.ps1

# macOS/Linux
bash scripts/build.sh

See GETTING_STARTED.md for detailed development setup.

Repository

services/mach1/          Go router, API server, CLI
services/web-ui/         SvelteKit + Tauri desktop Hub
packages/mcp-manifest/   Manifest JSON Schema
packages/registry-index/ Signed marketplace catalog
scripts/                 Build, install, E2E helpers

License

Apache 2.0. See LICENSE.

If 1mcp saves you time, star the repo

Reviews (0)

No results found