Server data from the Official MCP Registry
Self-hosted MCP to find, book, and cancel salon appointments via SalonRunner.
Self-hosted MCP to find, book, and cancel salon appointments via SalonRunner.
This is a well-architected MCP server for booking salon appointments with a thoughtful security model. The OAuth implementation with credential encryption is sound, input validation is present via Zod, and permissions align with its purpose. However, there are several code quality and security concerns that warrant attention: unvalidated user input in some paths, missing CSRF protection on the authorization endpoint, potential timing attacks in token verification, weak session key enforcement in local mode, and overly broad error messages that could leak sensitive information. Supply chain analysis found 4 known vulnerabilities in dependencies (0 critical, 3 high severity). Package verification found 1 issue.
7 files analyzed · 15 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Set these up before or after installing:
Environment variable: SALONRUNNER_SALON_ID
Environment variable: SALONRUNNER_USERNAME
Environment variable: SALONRUNNER_PASSWORD
Environment variable: SALONRUNNER_READ_ONLY
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-topness-msft-salonrunner-mcp": {
"env": {
"SALONRUNNER_PASSWORD": "your-salonrunner-password-here",
"SALONRUNNER_SALON_ID": "your-salonrunner-salon-id-here",
"SALONRUNNER_USERNAME": "your-salonrunner-username-here",
"SALONRUNNER_READ_ONLY": "your-salonrunner-read-only-here"
},
"args": [
"-y",
"salonrunner-mcp"
],
"command": "npx"
}
}
}From the project's GitHub README.
An MCP server that lets an AI assistant find, book, and cancel salon appointments through your personal SalonRunner / Rosy Salon Software client account — the same booking site many salons use.
It's self-hosted: you deploy your own instance. Run it locally as a tool (Claude Desktop, Cursor, Copilot CLI) where credentials stay on your machine, or as a remote connector for claude.ai where you log in with your SalonRunner account on the connector's login screen.
⚠️ Unofficial, uses undocumented endpoints, personal use only. Read DISCLAIMER.md.
| Tool | What it does |
|---|---|
list_services | List bookable services (name, id, price) |
list_providers | List stylists; optionally only those who do a given service |
find_availability | Open slots for a service over a date range (optionally one provider) |
list_my_appointments | Your upcoming appointments |
book_appointment | Book a slot returned by find_availability |
cancel_appointment | Cancel by appointment id |
list/find/book/cancel
│
this server ──login──► app.salonrunner.com (session cookie)
│ ──authv2─► customer JWT (30 min, auto-refreshed)
│ ──reads──► app.rosysalonsoftware.com/api/v2 (Bearer JWT)
└──────writes───► /customer/appointments/{book,cancel}.json (cookie)
customerId is discovered from your account after login; corporateId is read from the JWT.
Availability is computed from the provider's per-service duration and the salon's slot grid
(SALONRUNNER_SLOT_MINUTES, default 15).
There are two ways to run it, and they get their salon credentials differently:
.env).| Variable | Used by | Notes |
|---|---|---|
SALONRUNNER_SALON_ID | stdio | The id in your booking URL …/customer/login.htm?id=XXXXX |
SALONRUNNER_USERNAME / SALONRUNNER_PASSWORD | stdio | Your client login |
SALONRUNNER_CUSTOMER_ID | both | Auto-discovered; set only if discovery fails |
SALONRUNNER_SLOT_MINUTES | both | Salon booking granularity (default 15) |
SALONRUNNER_READ_ONLY | both | true disables book/cancel while you try it out |
SESSION_SIGNING_KEY | HTTP | Signs tokens + encrypts the credentials inside them; survives restarts/scale-to-zero (>=16 chars) |
PUBLIC_URL | HTTP | This server's public URL, e.g. https://your-app.fly.dev |
In HTTP mode the salon id + username + password are collected on the login screen (validated by a real SalonRunner login) and encrypted into the OAuth token, so one deployment can serve multiple salons and there are no salon secrets on the server.
Published on npm as salonrunner-mcp. Install globally:
npm install -g salonrunner-mcp
Then point your client at the salonrunner-mcp command (no build, no absolute paths). Claude Desktop (claude_desktop_config.json):
{
"mcpServers": {
"salonrunner": {
"command": "salonrunner-mcp",
"env": {
"SALONRUNNER_SALON_ID": "21248",
"SALONRUNNER_USERNAME": "you@example.com",
"SALONRUNNER_PASSWORD": "your-password"
}
}
}
}
Prefer no global install? Use "command": "npx" with "args": ["-y", "salonrunner-mcp"] and the same env.
npm install && npm run build
Then use "command": "node" with "args": ["/absolute/path/to/salonrunner-mcp/dist/stdio.js"] and the same env.
No hosting, no OAuth — credentials stay on your machine. Recommended if you don't need claude.ai.
claude.ai can only use remote MCP servers, so you deploy your own instance.
fly launch --no-deploy # pick a unique app name; creates the app
fly secrets set \
SESSION_SIGNING_KEY=$(node -e "console.log(require('crypto').randomBytes(32).toString('base64url'))") \
PUBLIC_URL=https://YOUR-APP.fly.dev
fly deploy
fly scale count 1 # in-memory MCP sessions: keep a single instance
No salon credentials are configured here — users supply them on the login screen. The server
refuses to start without SESSION_SIGNING_KEY. Credentials are validated by a real
SalonRunner login and then encrypted into the (signed) token, which claude.ai stores, so the app
scales to zero between uses and you authorize only once — cold starts (~3s) are
transparent and never re-prompt.
https://YOUR-APP.fly.dev/mcpSESSION_SIGNING_KEY=local-dev-please-change PUBLIC_URL=http://localhost:8787 npm run start:http
Two independent auth layers:
SESSION_SIGNING_KEY).
No server-side session store, so authorization survives restarts and scale-to-zero.The server holds no salon credentials at rest — they live (encrypted) inside each user's
token and are only decrypted in memory per request. One deployment can serve multiple salons.
A leaked token can't be revoked individually; rotate SESSION_SIGNING_KEY to invalidate all
tokens (everyone re-enters credentials once). Keep SESSION_SIGNING_KEY secret and serve only
over HTTPS.
SALONRUNNER_READ_ONLY=true first.SALONRUNNER_SLOT_MINUTES must match your salon's scheduling grid (default 15) for accurate
availability.api.salonrunner.com)
is a separate product requiring a salon-issued ApiKey; this project does not use it.MIT — see LICENSE. No warranty.
Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Web content fetching and conversion for efficient LLM usage
by Modelcontextprotocol · Developer Tools
Read, search, and manipulate Git repositories programmatically
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
by mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.
by Microsoft · Content & Media
Convert files (PDF, Word, Excel, images, audio) to Markdown for LLM consumption
by mcp-marketplace · Developer Tools
Search and install MCP servers from inside your AI client.