by HelpCode-ai
MCP gateway for REST, SOAP/WSDL, GraphQL & SQL — the legacy-friendly API-to-MCP bridge for Claude, ChatGPT, Gemini, Copilot, Cursor. OpenAPI/Postman/WSDL import, OAuth2, RBAC, on-prem audit log. 160+ pre-built adapters (Sorare, WooCommerce, Whatsapp, WeClapp, HRWorks…)
# Add to your Claude Code skills
git clone https://github.com/HelpCode-ai/anythingmcpLast scanned: 5/30/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@hono/node-server: @hono/node-server: Middleware bypass via repeated slashes in serveStatic",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@opentelemetry/auto-instrumentations-node: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@opentelemetry/exporter-logs-otlp-grpc: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@opentelemetry/exporter-logs-otlp-http: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@opentelemetry/exporter-logs-otlp-proto: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@opentelemetry/exporter-metrics-otlp-grpc: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@opentelemetry/exporter-metrics-otlp-http: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@opentelemetry/exporter-metrics-otlp-proto: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@opentelemetry/exporter-trace-otlp-grpc: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@opentelemetry/exporter-trace-otlp-http: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@opentelemetry/exporter-trace-otlp-proto: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@opentelemetry/otlp-exporter-base: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@opentelemetry/otlp-grpc-exporter-base: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@opentelemetry/otlp-transformer: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@opentelemetry/sdk-node: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@prisma/dev: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@sentry/nextjs: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "next: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "postcss: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "prisma: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "protobufjs: protobuf.js: Code injection through bytes field defaults in generated toObject code",
"severity": "high"
},
{
"type": "npm-audit",
"message": "qs: qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set",
"severity": "medium"
}
],
"status": "WARNING",
"scannedAt": "2026-05-30T16:58:21.602Z",
"npmAuditRan": true,
"pipAuditRan": true
}anythingmcp is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by HelpCode-ai. MCP gateway for REST, SOAP/WSDL, GraphQL & SQL — the legacy-friendly API-to-MCP bridge for Claude, ChatGPT, Gemini, Copilot, Cursor. OpenAPI/Postman/WSDL import, OAuth2, RBAC, on-prem audit log. 160+ pre-built adapters (Sorare, WooCommerce, Whatsapp, WeClapp, HRWorks…). It has 117 GitHub stars.
anythingmcp returned warnings in SkillsLLM's automated security scan. It has no critical vulnerabilities, but review the flagged issues in the Security Report section before adding it to your workflow.
Clone the repository with "git clone https://github.com/HelpCode-ai/anythingmcp" and add it to your Claude Code skills directory (see the Installation section above).
anythingmcp is primarily written in TypeScript. It is open-source under HelpCode-ai on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh anythingmcp against similar tools.
No comments yet. Be the first to share your thoughts!
Requires a passing catalog security scan. Resolve the flagged issues and resubmit to enable featuring.
🏭 Origin story. AnythingMCP started inside a German industrial group that needed AI agents to talk to 15+ legacy systems (ERP, CRM, custom SOAP, on-prem Postgres). Writing one MCP server per system would have taken weeks each; we extracted the common gateway after the third rewrite and have been running it in production for ~6 months. We open-sourced it because the catalog grows faster as a community than as a single vendor. Built by a small team using AI coding assistants — see AUTHORS.md.
AnythingMCP is a self-hosted, source-available MCP server and API gateway that turns your existing APIs into Model Context Protocol tools. Connect any API — REST, SOAP, GraphQL, databases, or other MCP servers — and expose them to Claude, ChatGPT, Gemini, Copilot, Cursor, and any other MCP-compatible client.
No SDK. No code changes. Point, configure, connect.
Built-in adapters ship with the catalog so you get an instant MCP server for popular SaaS and public APIs — DHL, DPD, GLS, Shipcloud, Sendcloud, Deutsche Bahn, DATEV, Weclapp, Xentral, Shopware 6, Personio, Handelsregister, VIES VAT, OpenPLZ, HERE Geocoding, Oxomi and more (full list below).
Requires Docker 24+,
bash,openssl. On macOS, start Docker Desktop first.
git clone https://github.com/HelpCode-ai/anythingmcp.git
cd anythingmcp && ./setup.sh
# When setup finishes, open http://localhost:3000 and register
# the first user — they automatically become the admin.
⚠️ Register immediately after setup. The first account to register becomes Admin. If your instance is reachable from the internet during setup, configure firewall rules or bind the UI to
127.0.0.1until you've created the admin account.
| Problem | Solution |
|---|---|
| You have REST APIs but AI clients speak MCP | REST → MCP conversion with OpenAPI / Swagger import |
| You have legacy SOAP/WSDL services | SOAP → MCP bridge with automatic WSDL parsing |
| You need to query databases from AI agents | DB → MCP with auto-generated query tools |
| You want one MCP gateway for all your APIs | MCP middleware that aggregates multiple connectors |
| You need an MCP server for DHL/DPD/DATEV/Weclapp/… | 36+ pre-built adapters — install in one click |
| You need auth, audit logs, and RBAC | Built-in auth, audit log, and RBAC |
| You can't ship credentials to a SaaS gateway | Runs on your infrastructure — credentials AES-256-GCM at rest |
| You have SOAP/WSDL or on-prem databases AI clients can't speak | First-class SOAP & SQL — not just REST integrations |
| Feature | AnythingMCP | Custom MCP server | Hosted MCP gateways |
|---|---|---|---|
| No-code setup | ✅ Visual editor | ❌ Write code | ⚠️ Config files |
| SOAP / WSDL support | ✅ Built-in | ❌ Manual | ❌ Rarely supported |
| Database connectors | ✅ 7 engines | ❌ Build yourself | ⚠️ Limited |
| Visual tool editor | ✅ | ❌ | ❌ |
| Auth & audit trail | ✅ OAuth2, RBAC, logs | ❌ DIY | ⚠️ Partial |
| Where credentials live | ✅ Your infra (AES-256-GCM) | ✅ Your code | ⚠️ Gateway provider |
| Self-hosted option | ✅ Docker / Railway / DO / Cloud | ✅ | ⚠️ Often SaaS-only |
| Pre-built SaaS adapters | ✅ 36+ ready-to-use | ❌ Build each | ⚠️ Few |
| Multi-client support | ✅ Claude, ChatGPT, Gemini, Copilot, Cursor | ✅ | ⚠️ Varies |
{{VAR}} interpolation, hidden from AIdocker compose up and you're runningAnythingMCP ships with 37+ ready-to-use adapters — DACH-rooted but reaching the UK, India, Brasil, Nigeria, Japan and the global gaming web3 space. Provide your API credentials at import time and the tools become available immediately. Each adapter has its own setup guide on anythingmcp.com (English, German, Italian).
📍 Catalog heads-up. The starting set leans DACH (Germany / Austria / Switzerland) because that's where this was built in production first, with first-wave international coverage now lan