Back to Browse
Free
Privacy-first unofficial Polar AccessLink v4 MCP server for AI health, sleep and training agents.
About
Privacy-first unofficial Polar AccessLink v4 MCP server for AI health, sleep and training agents.
Security Report
4.4
Use Caution4.4High RiskPolar MCP is a well-structured local-first wellness connector with proper OAuth token handling, clear privacy boundaries, and read-mostly operations. The code demonstrates good security practices for credential storage (env vars, local files with restrictive permissions, no hardcoded secrets). Minor code quality observations exist around error handling and input validation, but they do not introduce exploitable vulnerabilities. Permissions align with the server's purpose of reading wellness data from the Polar API. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue (1 critical, 0 high severity).
4 files analyzed · 9 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
Permissions Required
This plugin requests these system permissions. Most are normal for its category.
Unverified package source
We couldn't verify that the installable package matches the reviewed source code. Proceed with caution.
What You'll Need
Set these up before or after installing:
Polar OAuth client ID. Optional when configured with polar-mcp-server setup.
Environment variable: POLAR_CLIENT_ID
Polar OAuth client secret. Prefer polar-mcp-server setup so this secret is stored in ~/.polar-mcp/config.json instead of MCP client config.Required
Environment variable: POLAR_CLIENT_SECRET
Redirect URI configured in the Polar AccessLink admin. Optional when configured with polar-mcp-server setup.
Environment variable: POLAR_REDIRECT_URI
Optional local path for OAuth tokens. Defaults to ~/.polar-mcp/tokens.json.
Environment variable: POLAR_TOKEN_PATH
Optional payload mode: summary, structured, or raw. Defaults to structured. raw means full Polar AccessLink payloads for supported endpoints.
Environment variable: POLAR_PRIVACY_MODE
Optional SQLite cache toggle. Set to true or sqlite to enable.
Environment variable: POLAR_CACHE
Optional local SQLite cache path. Defaults to ~/.polar-mcp/cache.sqlite.
Environment variable: POLAR_CACHE_PATH
Set to true to bypass the in-memory HTTP response cache (60s TTL for GET only). POST/PUT/DELETE and 4xx/5xx responses are never cached regardless.
Environment variable: POLAR_NO_CACHE
How to Install
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-davidmosiah-polarmcp": {
"env": {
"POLAR_CACHE": "your-polar-cache-here",
"POLAR_NO_CACHE": "your-polar-no-cache-here",
"POLAR_CLIENT_ID": "your-polar-client-id-here",
"POLAR_CACHE_PATH": "your-polar-cache-path-here",
"POLAR_TOKEN_PATH": "your-polar-token-path-here",
"POLAR_PRIVACY_MODE": "your-polar-privacy-mode-here",
"POLAR_REDIRECT_URI": "your-polar-redirect-uri-here",
"POLAR_CLIENT_SECRET": "your-polar-client-secret-here"
},
"args": [
"-y",
"polar-mcp-unofficial"
],
"command": "npx"
}
}
}Reviews
No reviews yet
Be the first to review this server!
More Developer Tools MCP Servers
Fetch
Freeby Modelcontextprotocol · Developer Tools
Web content fetching and conversion for efficient LLM usage
80.0K
Stars
4
Installs
5.3
Security
No ratings yet
Local
Toleno
Freeby Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
137
Stars
516
Installs
8.0
Security
4.8
Local
mcp-creator-python
Freeby mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.
-
Stars
71
Installs
10.0
Security
4.6
Local