diff --git a/npx/perplexity-ask/spec.yaml b/npx/perplexity-ask/spec.yaml
new file mode 100644
index 0000000..ed83f12
--- /dev/null
+++ b/npx/perplexity-ask/spec.yaml
@@ -0,0 +1,22 @@
+# Perplexity Ask MCP Server Configuration
+# Real-time web search, reasoning, and research via the Perplexity API
+# Package: https://www.npmjs.com/package/@perplexity-ai/mcp-server
+# Repository: https://github.com/perplexityai/modelcontextprotocol
+# Will build as: ghcr.io/stacklok/dockyard/npx/perplexity-ask:0.9.0
+
+metadata:
+ name: perplexity-ask
+ description: "Official Perplexity MCP server for real-time web search, reasoning, and research via Sonar models"
+ protocol: npx
+
+spec:
+ package: "@perplexity-ai/mcp-server"
+ version: "0.9.0"
+
+provenance:
+ repository_uri: "https://github.com/perplexityai/modelcontextprotocol"
+ repository_ref: "refs/heads/main"
+
+security:
+ # Server requires PERPLEXITY_API_KEY to start - cannot complete startup in CI
+ insecure_ignore: true
diff --git a/npx/server-everything/spec.yaml b/npx/server-everything/spec.yaml
new file mode 100644
index 0000000..bb14591
--- /dev/null
+++ b/npx/server-everything/spec.yaml
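Review bot: `insecure_ignore: true` in npx/perplexity-ask/spec.yaml appears to waive the whole security check for this image rather than one named finding, and the only stated reason is that the server cannot start in CI without PERPLEXITY_API_KEY. The same blanket waiver is repeated in npx/stripe-mcp/spec.yaml for STRIPE_SECRET_KEY, on a package that fronts payment operations. If the scanner only needs the process to start and list its tools, a dummy placeholder value for the key in the CI environment may be enough to let the scan run. Failing that, I would extend the comment to record what was checked by hand and when to revisit it, for example `# Scan skipped: needs PERPLEXITY_API_KEY at startup; re-check tool descriptions manually on every version bump`.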
@@ -0,0 +1,31 @@
+# Everything MCP Server Configuration
+# Reference and demonstration MCP server exercising all features of the MCP protocol
+# Package: https://www.npmjs.com/package/@modelcontextprotocol/server-everything
+# Repository: https://github.com/modelcontextprotocol/servers
+# Will build as: ghcr.io/stacklok/dockyard/npx/server-everything:2026.1.26
+
+metadata:
+ name: server-everything
+ description: "Reference and demonstration MCP server exercising all features of the MCP protocol (tools, resources, prompts, sampling, etc.)"
+ protocol: npx
+
+spec:
+ package: "@modelcontextprotocol/server-everything"
+ version: "2026.1.26"
+
+provenance:
+ repository_uri: "https://github.com/modelcontextprotocol/servers"
+ repository_ref: "refs/heads/main"
+
+security:
+ allowed_issues:
+ - code: "AITech-12.1"
+ tool: "get-env"
+ reason: |
+ False positive — this is the official MCP reference/demo server,
+ intentionally exposing a `get-env` tool that "Prints all environment
+ variables, helpful for debugging MCP server configuration" (see the
+ server's own description). The scanner flags this as a data-poisoning
+ / configuration-tampering risk, but env-var inspection is the
+ documented purpose of the tool in a test fixture meant for protocol
+ exploration. Not a real exploit vector.
diff --git a/npx/server-memory/spec.yaml b/npx/server-memory/spec.yaml
new file mode 100644
index 0000000..be42696
--- /dev/null
+++ b/npx/server-memory/spec.yaml
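Review bot: The `reason` for `AITech-12.1` in npx/server-everything/spec.yaml calls the finding a false positive, but the same text confirms that `get-env` prints all environment variables, so this is an accepted risk rather than a scanner error. Anything placed in the container's environment (tokens, API keys) becomes readable by whichever client or model calls the tool, which matters once the image is published for general use. I would drop "Not a real exploit vector" and close the reason with something like `Accepted risk: demo server only; do not run this image with secrets in its environment.`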
@@ -0,0 +1,18 @@
+# Memory MCP Server Configuration
+# Knowledge-graph-based persistent memory for AI assistants
+# Package: https://www.npmjs.com/package/@modelcontextprotocol/server-memory
+# Repository: https://github.com/modelcontextprotocol/servers
+# Will build as: ghcr.io/stacklok/dockyard/npx/server-memory:2026.1.26
+
+metadata:
+ name: server-memory
+ description: "Knowledge-graph-based persistent memory for AI assistants, allowing models to remember information across sessions"
+ protocol: npx
+
+spec:
+ package: "@modelcontextprotocol/server-memory"
+ version: "2026.1.26"
+
+provenance:
+ repository_uri: "https://github.com/modelcontextprotocol/servers"
+ repository_ref: "refs/heads/main"
diff --git a/npx/server-sequential-thinking/spec.yaml b/npx/server-sequential-thinking/spec.yaml
new file mode 100644
index 0000000..c7957cc
--- /dev/null
+++ b/npx/server-sequential-thinking/spec.yaml
@@ -0,0 +1,18 @@
+# Sequential Thinking MCP Server Configuration
+# Dynamic and reflective problem-solving through structured thinking sequences
+# Package: https://www.npmjs.com/package/@modelcontextprotocol/server-sequential-thinking
+# Repository: https://github.com/modelcontextprotocol/servers
+# Will build as: ghcr.io/stacklok/dockyard/npx/server-sequential-thinking:2025.12.18
+
+metadata:
+ name: server-sequential-thinking
+ description: "MCP server for dynamic and reflective problem-solving through structured thinking sequences"
+ protocol: npx
+
+spec:
+ package: "@modelcontextprotocol/server-sequential-thinking"
+ version: "2025.12.18"
+
+provenance:
+ repository_uri: "https://github.com/modelcontextprotocol/servers"
+ repository_ref: "refs/heads/main"
diff --git a/npx/stripe-mcp/spec.yaml b/npx/stripe-mcp/spec.yaml
new file mode 100644
index 0000000..1ca5766
--- /dev/null
+++ b/npx/stripe-mcp/spec.yaml
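Review bot: `repository_ref: "refs/heads/main"` in npx/server-memory/spec.yaml names a moving branch while `spec.version` pins release 2026.1.26, so the provenance block does not say which commit or tag the published artifact was built from. Every spec added in this diff uses the same branch ref. If this field is compared against the package's published build attestation, the branch may well be the correct value, and a short comment such as `# ref as recorded in the package's build attestation` would make that explicit. Otherwise a release tag or commit would tie the entry to the pinned version.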
@@ -0,0 +1,22 @@
+# Stripe MCP Server Configuration
+# Stripe API tools for managing payments, subscriptions, products, and customers
+# Package: https://www.npmjs.com/package/@stripe/mcp
+# Repository: https://github.com/stripe/agent-toolkit
+# Will build as: ghcr.io/stacklok/dockyard/npx/stripe-mcp:0.3.3
+
+metadata:
+ name: stripe-mcp
+ description: "Official Stripe MCP server providing API tools for managing payments, subscriptions, products, and customers"
+ protocol: npx
+
+spec:
+ package: "@stripe/mcp"
+ version: "0.3.3"
+
+provenance:
+ repository_uri: "https://github.com/stripe/agent-toolkit"
+ repository_ref: "refs/heads/main"
+
+security:
+ # Server requires STRIPE_SECRET_KEY to start - cannot complete startup in CI
+ insecure_ignore: true
diff --git a/uvx/mcp-server-git/spec.yaml b/uvx/mcp-server-git/spec.yaml
new file mode 100644
index 0000000..2cd19cc
--- /dev/null
+++ b/uvx/mcp-server-git/spec.yaml
@@ -0,0 +1,18 @@
+# Git MCP Server Configuration
+# Tools for reading, searching, and manipulating Git repositories
+# Package: https://pypi.org/project/mcp-server-git/
+# Repository: https://github.com/modelcontextprotocol/servers
+# Will build as: ghcr.io/stacklok/dockyard/uvx/mcp-server-git:2026.1.14
+
+metadata:
+ name: mcp-server-git
+ description: "MCP server providing tools to read, search, and manipulate Git repositories via libgit2"
+ protocol: uvx
+
+spec:
+ package: "mcp-server-git"
+ version: "2026.1.14"
+
+provenance:
+ repository_uri: "https://github.com/modelcontextprotocol/servers"
+ repository_ref: "refs/heads/main"
diff --git a/uvx/mcp-server-time/spec.yaml b/uvx/mcp-server-time/spec.yaml
new file mode 100644
index 0000000..98bb1f7
--- /dev/null
+++ b/uvx/mcp-server-time/spec.yaml
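Review bot: The `description` in uvx/mcp-server-git/spec.yaml says the server works "via libgit2", which I believe is inaccurate; as far as I know the upstream package is built on GitPython, which invokes the `git` executable. The difference matters to anyone assessing the image, because shelling out means the git binary has to be present in the container and tool arguments end up on a git command line. Please confirm against the package's declared dependencies and, if that holds, drop the implementation detail: `description: "MCP server providing tools to read, search, and manipulate Git repositories"`.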
@@ -0,0 +1,18 @@
+# Time MCP Server Configuration
+# Time and timezone conversion utilities
+# Package: https://pypi.org/project/mcp-server-time/
+# Repository: https://github.com/modelcontextprotocol/servers
+# Will build as: ghcr.io/stacklok/dockyard/uvx/mcp-server-time:2026.1.26
+
+metadata:
+ name: mcp-server-time
+ description: "MCP server providing time and timezone conversion utilities"
+ protocol: uvx
+
+spec:
+ package: "mcp-server-time"
+ version: "2026.1.26"
+
+provenance:
+ repository_uri: "https://github.com/modelcontextprotocol/servers"
+ repository_ref: "refs/heads/main"
diff --git a/uvx/redis-mcp-server/spec.yaml b/uvx/redis-mcp-server/spec.yaml
new file mode 100644
index 0000000..1262587
--- /dev/null
+++ b/uvx/redis-mcp-server/spec.yaml
@@ -0,0 +1,31 @@
+# Redis MCP Server Configuration
+# Natural-language interface for managing and querying Redis data
+# Package: https://pypi.org/project/redis-mcp-server/
+# Repository: https://github.com/redis/mcp-redis
+# Will build as: ghcr.io/stacklok/dockyard/uvx/redis-mcp-server:0.5.0
+
+metadata:
+ name: redis-mcp-server
+ description: "Official Redis MCP server providing a natural-language interface for managing and querying Redis data"
+ protocol: uvx
+
+spec:
+ package: "redis-mcp-server"
+ version: "0.5.0"
+
+provenance:
+ repository_uri: "https://github.com/redis/mcp-redis"
+ repository_ref: "refs/heads/main"
+
+security:
+ allowed_issues:
+ - code: "AITech-1.1"
+ tool: "search_redis_documents"
+ reason: |
+ False positive — the scanner flags the tool description for
+ instruction-override patterns, but the language is legitimate
+ operational guidance about how to query Redis Search (e.g. field
+ weighting, syntax) rather than a system-prompt override. The
+ description does not contain "ignore previous instructions" or any
+ equivalent override pattern. Verified against redis-mcp-server v0.5.0
+ published by Redis Inc (https://github.com/redis/mcp-redis).
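Review bot: The `AITech-1.1` allowance in uvx/redis-mcp-server/spec.yaml is keyed only by `code` and `tool`, yet its justification is "Verified against redis-mcp-server v0.5.0". Once `spec.version` is bumped, the suppression keeps applying to a tool description that nobody has re-read, and that description is exactly the text a model receives. I would add a comment above the entry, `# Re-verify the search_redis_documents description whenever spec.version changes`, or make a version bump require re-approval of `allowed_issues`. The `AITech-12.1` entry in npx/server-everything/spec.yaml has the same property.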