statespace-mcp-server

mcp
Security Audit: Warn
Health Warn
  • No license — Repository has no license file
  • Description — Repository has a description
  • Active repo — Last push 0 days ago
  • Low visibility — Only 5 GitHub stars
Code Warn
  • network request — Outbound network request in src/mcp.test.ts
  • process.env — Environment variable access in src/mcp.ts
  • network request — Outbound network request in src/mcp.ts
Permissions Pass
  • Permissions — No dangerous permissions requested
Purpose
This MCP server connects to a deployed Statespace application over HTTP, allowing your AI client to read files and execute predefined commands from the app's frontmatter.

Security Assessment
The tool requires you to pass an API token via an environment variable (`STATESPACE_TOKEN`) to access private apps, which is a standard and secure practice. It safely makes outbound network requests strictly to the Statespace app URL provided by you during setup. It does not execute arbitrary shell commands; instead, it relies on commands explicitly declared by the developer in the app's YAML frontmatter. No hardcoded secrets or dangerous permission requests were found. Overall risk is Low.

Quality Assessment
The project appears to be actively maintained, with its most recent code push happening today. It runs automated tests via GitHub Actions. While it currently has very low community visibility (only 5 GitHub stars), the codebase is straightforward and its integration purpose is highly specific. The automated rule scan incorrectly flagged a missing license, but the project's README badge and official badge link correctly identify it as licensed under MIT.

Verdict
Safe to use, provided you trust the specific Statespace app URL you are connecting the tool to.
SUMMARY

MCP server to connect to Statespace apps.

README.md

statespace-mcp

MCP server for Statespace apps.

Usage

Add to your MCP client config:

"statespace": {
  "command": "npx",
  "args": ["statespace-mcp", "https://your-app.statespace.app"]
}

That's it. The server connects to your deployed Statespace app over HTTP and exposes two tools:

  • read_page — read any file from the app (start with README.md)
  • run_command — execute a command declared in a page's YAML frontmatter

For private apps, pass your API token via STATESPACE_TOKEN:

"statespace": {
  "command": "npx",
  "args": ["statespace-mcp", "https://your-app.statespace.app"],
  "env": {
    "STATESPACE_TOKEN": "your-token-here"
  }
}

Requirements

  • Node.js 18+
  • A deployed Statespace app URL (http or https)
