Back to Browse
Free
Server data from the Official MCP Registry
Australian property listings, prices, and suburb stats from Domain. By UnClick.
About
Australian property listings, prices, and suburb stats from Domain. By UnClick.
Security Report
1.2
Use Caution1.2Critical RiskThis MCP server exposes 450+ API endpoints across 178+ external services with a single API key as the only authentication mechanism. The architecture presents several critical security concerns: the server requires UNCLICK_API_KEY but does not validate it before executing tools, lacks per-tool authorization controls allowing any authenticated user to access sensitive operations (financial data, security scanning, email, SMS, payment systems), and the massive tool surface (mail sending, breach checking, virus scanning, SMS dispatch, payment processing) creates extreme blast-radius risk if credentials are compromised. While the code itself appears reasonably structured without obvious injection vulnerabilities, the security model is fundamentally broken for an MCP server that bridges to dozens of sensitive third-party APIs. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue (1 critical, 0 high severity).
4 files analyzed · 17 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
Permissions Required
This plugin requests these system permissions. Most are normal for its category.
Unverified package source
We couldn't verify that the installable package matches the reviewed source code. Proceed with caution.
How to Install
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-malamutemayhem-domain": {
"args": [
"-y",
"unclick"
],
"command": "npx"
}
}
}Documentation
View on GitHubFrom the project's GitHub README.
UnClick MCP server
The app store for AI agents. unclick.world
450+ callable endpoints across 178+ tools, available to any MCP-compatible AI client. New tools ship to the API continuously. Your agent picks them up automatically; no package update is needed.
Install
Using the latest GitHub release (no npm account required):
{
"mcpServers": {
"unclick": {
"command": "npx",
"args": ["-y", "https://github.com/malamutemayhem/unclick/releases/latest/download/unclick.tgz"]
}
}
}
Add this to your claude_desktop_config.json (or equivalent for Cursor, Windsurf, etc).
Or install globally from GitHub:
npm install -g https://github.com/malamutemayhem/unclick/releases/latest/download/unclick.tgz
Operational Notes
This repo follows the AGENTS.md fence rules for agent work.
Run
For local web development:
npm run dev
For the API workspace:
npm run dev:api
Test
Run the main test suite:
npm test
Run the production build check:
npm run build
License
This repository is licensed under the MIT License. See LICENSE.
What it does
Gives your agent access to a growing catalog of tools across developer utilities, social media, e-commerce, finance, messaging, media, security, and more. You don't need to install separate packages for each integration. One server provides access to everything in the catalog.
Tool Surface
UnClick exposes a small direct surface for daily agent workflows, plus hidden internal discovery tools for the full catalog.
| Tool group | Tools |
|---|---|
| Memory session protocol | load_memory, save_fact, search_memory, save_identity, save_session |
| Signals and Fishbowl coordination | check_signals, read_messages, post_message, create_todo, list_todos, update_todo, complete_todo, create_idea, list_ideas, vote_on_idea, promote_idea_to_todo |
| Hidden internal catalog tools | unclick_search, unclick_browse, unclick_tool_info, unclick_call |
The agent starts with memory, uses direct Fishbowl tools for coordination, and can still call the hidden catalog tools by name when it needs dynamic endpoint discovery.
Compatibility and advanced memory operations
- Legacy memory names still work as aliases:
get_startup_context->load_memory,write_session_summary->save_session,add_fact->save_fact,set_business_context->save_identity. - The remaining memory operations are intentionally not listed in
ListToolsand are called throughunclick_callwithendpoint_id: "memory.<op>"(for examplememory.manage_decay,memory.store_code,memory.log_conversation,memory.supersede_fact,memory.upsert_library_doc).
Requirements
- Node.js 18+
- An API key from unclick.world
Set your key as an environment variable:
UNCLICK_API_KEY=your_key_here
Or pass it via the MCP config:
{
"mcpServers": {
"unclick": {
"command": "npx",
"args": ["-y", "https://github.com/malamutemayhem/unclick/releases/latest/download/unclick.tgz"],
"env": {
"UNCLICK_API_KEY": "your_key_here"
}
}
}
}
More
Full catalog, docs, and API keys at unclick.world.
Reviews
No reviews yet
Be the first to review this server!
More Developer Tools MCP Servers
Git
Freeby Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
80.0K
Stars
4
Installs
6.5
Security
No ratings yet
Local
Toleno
Freeby Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
137
Stars
485
Installs
8.0
Security
4.8
Local
mcp-creator-python
Freeby mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.
-
Stars
65
Installs
10.0
Security
4.6
Local