Back to Browse
About
Recipes tools for recipes, meals, cooking by UnClick.
Security Report
2.2
Use Caution2.2Critical RiskUnClick is a large MCP server aggregating 450+ tool integrations across diverse APIs. While the architecture and tool wiring are well-organized, critical security concerns exist: the server requires API keys but lacks documented input validation and rate-limiting mechanisms across its vast tool surface, creates substantial network exposure (450+ endpoints), and stores sensitive credentials in environment variables without encryption. Several tool implementations appear incomplete or poorly documented, increasing risk of unexpected behavior or privilege escalation. The reliance on external API keys combined with minimal guardrails for a developer-facing "app store" architecture is concerning. Supply chain analysis found 3 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue (1 critical, 0 high severity).
4 files analyzed · 16 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
Permissions Required
This plugin requests these system permissions. Most are normal for its category.
Unverified package source
We couldn't verify that the installable package matches the reviewed source code. Proceed with caution.
How to Install
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-malamutemayhem-meal": {
"args": [
"-y",
"unclick"
],
"command": "npx"
}
}
}Documentation
View on GitHubFrom the project's GitHub README.
UnClick MCP server
The app store for AI agents. unclick.world
450+ callable endpoints across 178+ tools, available to any MCP-compatible AI client. New tools ship to the API continuously. Your agent picks them up automatically; no package update is needed.
Install
Using the latest GitHub release (no npm account required):
{
"mcpServers": {
"unclick": {
"command": "npx",
"args": ["-y", "https://github.com/malamutemayhem/unclick/releases/latest/download/unclick.tgz"]
}
}
}
Add this to your claude_desktop_config.json (or equivalent for Cursor, Windsurf, etc).
Or install globally from GitHub:
npm install -g https://github.com/malamutemayhem/unclick/releases/latest/download/unclick.tgz
Operational Notes
This repo follows the AGENTS.md fence rules for agent work.
Run
For local web development:
npm run dev
For the API workspace:
npm run dev:api
Test
Run the main test suite:
npm test
Run the production build check:
npm run build
License
This repository is licensed under the MIT License. See LICENSE.
What it does
Gives your agent access to a growing catalog of tools across developer utilities, social media, e-commerce, finance, messaging, media, security, and more. You don't need to install separate packages for each integration. One server provides access to everything in the catalog.
Tool Surface
UnClick exposes a small direct surface for daily agent workflows, plus hidden internal discovery tools for the full catalog.
| Tool group | Tools |
|---|---|
| Memory session protocol | load_memory, save_fact, search_memory, save_identity, save_session |
| Signals and Fishbowl coordination | check_signals, read_messages, post_message, create_todo, list_todos, update_todo, complete_todo, create_idea, list_ideas, vote_on_idea, promote_idea_to_todo |
| Hidden internal catalog tools | unclick_search, unclick_browse, unclick_tool_info, unclick_call |
The agent starts with memory, uses direct Fishbowl tools for coordination, and can still call the hidden catalog tools by name when it needs dynamic endpoint discovery.
Compatibility and advanced memory operations
- Legacy memory names still work as aliases:
get_startup_context->load_memory,write_session_summary->save_session,add_fact->save_fact,set_business_context->save_identity. - The remaining memory operations are intentionally not listed in
ListToolsand are called throughunclick_callwithendpoint_id: "memory.<op>"(for examplememory.manage_decay,memory.store_code,memory.log_conversation,memory.supersede_fact,memory.upsert_library_doc).
Requirements
- Node.js 18+
- An API key from unclick.world
Set your key as an environment variable:
UNCLICK_API_KEY=your_key_here
Or pass it via the MCP config:
{
"mcpServers": {
"unclick": {
"command": "npx",
"args": ["-y", "https://github.com/malamutemayhem/unclick/releases/latest/download/unclick.tgz"],
"env": {
"UNCLICK_API_KEY": "your_key_here"
}
}
}
}
More
Full catalog, docs, and API keys at unclick.world.
Reviews
No reviews yet
Be the first to review this server!
More Developer Tools MCP Servers
Git
Freeby Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
80.0K
Stars
4
Installs
6.5
Security
No ratings yet
Local
Toleno
Freeby Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
137
Stars
485
Installs
8.0
Security
4.8
Local
mcp-creator-python
Freeby mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.
-
Stars
65
Installs
10.0
Security
4.6
Local