by mcpgod
Fine-grained control over model context protocol (MCP) clients, servers, and tools. Context is God.
Requires a passing catalog security scan. Resolve the flagged issues and resubmit to enable featuring.
# Add to your Claude Code skills
git clone https://github.com/mcpgod/cliGuides for using mcp servers skills like cli.
Last scanned: 5/30/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@aws-sdk/client-cloudfront: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@aws-sdk/client-s3: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@aws-sdk/client-sso: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@aws-sdk/core: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@aws-sdk/credential-provider-env: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@aws-sdk/credential-provider-http: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@aws-sdk/credential-provider-ini: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@aws-sdk/credential-provider-node: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@aws-sdk/credential-provider-process: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@aws-sdk/credential-provider-sso: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@aws-sdk/credential-provider-web-identity: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@aws-sdk/middleware-flexible-checksums: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@aws-sdk/middleware-sdk-s3: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@aws-sdk/middleware-user-agent: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@aws-sdk/nested-clients: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@aws-sdk/signature-v4-multi-region: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@aws-sdk/token-providers: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@aws-sdk/util-user-agent-node: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@eslint/plugin-kit: @eslint/plugin-kit is vulnerable to Regular Expression Denial of Service attacks through ConfigCommentParser",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@inquirer/editor: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@modelcontextprotocol/sdk: Anthropic's MCP TypeScript SDK has a ReDoS vulnerability",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@smithy/config-resolver: AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value",
"severity": "low"
},
{
"type": "npm-audit",
"message": "@smithy/middleware-retry: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "ajv: ajv has ReDoS when using `$data` option",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "brace-expansion: brace-expansion: Zero-step sequence causes process hang and memory exhaustion",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "diff: jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch",
"severity": "low"
},
{
"type": "npm-audit",
"message": "eslint: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "express: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "external-editor: Vulnerability found",
"severity": "low"
},
{
"type": "npm-audit",
"message": "fast-xml-parser: fast-xml-parser has an entity encoding bypass via regex injection in DOCTYPE entity names",
"severity": "critical"
},
{
"type": "npm-audit",
"message": "flatted: flatted vulnerable to unbounded recursion DoS in parse() revive phase",
"severity": "high"
},
{
"type": "npm-audit",
"message": "glob: glob CLI: Command injection via -c/--cmd executes matches with shell:true",
"severity": "high"
},
{
"type": "npm-audit",
"message": "js-yaml: js-yaml has prototype pollution in merge (<<)",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "lodash: Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions",
"severity": "high"
},
{
"type": "npm-audit",
"message": "minimatch: minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"severity": "high"
},
{
"type": "npm-audit",
"message": "mocha: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "path-to-regexp: path-to-regexp vulnerable to Denial of Service via sequential optional groups",
"severity": "high"
},
{
"type": "npm-audit",
"message": "picomatch: Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
"severity": "high"
},
{
"type": "npm-audit",
"message": "qs: qs's arrayLimit bypass in comma parsing allows denial of service",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "serialize-javascript: Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()",
"severity": "high"
},
{
"type": "npm-audit",
"message": "tmp: tmp allows arbitrary temporary file / directory write via symbolic link `dir` parameter",
"severity": "high"
},
{
"type": "npm-audit",
"message": "uuid: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
"severity": "medium"
}
],
"status": "FAILED",
"scannedAt": "2026-05-30T16:31:38.412Z",
"npmAuditRan": true,
"pipAuditRan": true
}Fine-grained control over model context protocol (MCP) clients, servers, and tools. Context is God.
MCPGod is a CLI tool designed to help developers manage MCP servers with speed and ease. Whether you need to add, run, list, or remove servers—or even interact with server tools—MCPGod provides a streamlined interface to handle all these tasks on Windows, macOS, or Linux.
Install mcpgod globally using npm:
npm install -g mcpgod
Verify the installation:
mcpgod --version
Or run directly with npx.
npx -y mcpgod
Access the CLI with the mcpgod command (or npx -y mcpgod). Below are some common examples:
Add a Server to a Client
Add an MCP server to a client (e.g., Claude) with mcpgod add <SERVER> -c <CLIENT>:
mcpgod add @modelcontextprotocol/server-everything -c claude
Only Add Specific Tools to a Client
Only add specific tools to a client with mcpgod add <SERVER> -c <CLIENT> --tools=<COMMA_DELIMITED_LIST>:
mcpgod add @modelcontextprotocol/server-everything -c claude --tools=echo,add
List Servers for a Client
List all configured servers for a specific client with mcpgod list -c <CLIENT>:
mcpgod list -c claude
Remove a Server
Remove an MCP server from your client's configuration with mcpgod remove <SERVER> -c <CLIENT>:
mcpgod remove @modelcontextprotocol/server-everything -c claude
Run a Server
Run a server process with detailed logging with mcpgod run <SERVER>:
mcpgod run @modelcontextprotocol/server-everything
mcpgod run ./mcp-server.py
mcpgod run ./mcp-server-node.mjs
List Available Tools for a Server
Display the list of tools available on a server with mcpgod tools <SERVER>:
mcpgod tools @modelcontextprotocol/server-everything
mcpgod tools ./mcp-server.py
mcpgod tools ./mcp-server-node.mjs
Call a Specific Tool on a Server
Interact with a tool by passing key-value properties with mcpgod tool <SERVER> <TOOL> [optional parameters]:
mcpgod tool @modelcontextprotocol/server-everything add a=59 b=40
mcpgod tool ./mcp-server.py echo message=hi
mcpgod tool ./mcp-server-node.mjs echo message=hi
For a complete list of commands and options, simply run:
mcpgod --help
When running a server, mcpgod logs output to:
~/mcpgod/logs
Each log file is organized by server name and timestamped to help you trace and debug any issues that arise.
mcpgod is built with the Oclif framework and uses the Model Context Protocol SDK for robust interactions with MCP servers.
Clone the repository to get started with development:
git clone https://github.com/mcpgod/cli.git
cd mcpgod
npm install
Run the CLI in development mode:
./bin/dev
Automatic publishing is handled by the version, tag and github release workflow. A new npm version is published whenever a version bump is merged into the main branch. The workflow can also be triggered manually from the Actions tab.
To enable publishing, set the following repository secrets:
NPM_TOKEN – authentication token for npm.GH_EMAIL and GH_USERNAME – used by the README update step.Once the secrets are configured, pushing a new version or running the workflow manually will build the project, create a GitHub release and publish the package to npm.
Before committing changes to workflows, you can lint them locally:
npm run lint:workflows
Contributions are always welcome! To contribute:
git checkout -b feature/your-feature
git commit -am 'Add new feature'
git push origin feature/your-feature
This project is licensed under the MIT License.
cli is an open-source mcp servers skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by mcpgod. Fine-grained control over model context protocol (MCP) clients, servers, and tools. Context is God. It has 117 GitHub stars.
cli failed SkillsLLM's automated security scan, which flagged one or more high-severity issues. Review the Security Report section carefully before using it.
Clone the repository with "git clone https://github.com/mcpgod/cli" and add it to your Claude Code skills directory (see the Installation section above).
cli is primarily written in TypeScript. It is open-source under mcpgod on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other MCP Servers skills you can browse and compare side by side. Open the MCP Servers category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh cli against similar tools.
No comments yet. Be the first to share your thoughts!
Top skills in this category by stars