Hi from Anthropic π
We reviewed Local Falcon MCP for inclusion in the Anthropic MCP Directory. We found two items that need to be addressed before we can list the server.
Required
-
Credential management β We observed an OAuth client secret hardcoded in the distributed package (oauth/config.js). While the OAuth code path isn't active in STDIO mode, the credential is still exposed in plaintext to anyone who extracts the bundle. Please move this to an environment variable or server-side configuration.
-
Tool annotation accuracy β All 37 tools currently declare openWorldHint: false, but every tool makes external API calls to api.localfalcon.com. Please update to openWorldHint: true on all tools.
We're happy to re-review once these are addressed. Feel free to reach out with any questions.
Hi from Anthropic π
We reviewed
Local Falcon MCPfor inclusion in the Anthropic MCP Directory. We found two items that need to be addressed before we can list the server.Required
Credential management β We observed an OAuth client secret hardcoded in the distributed package (
oauth/config.js). While the OAuth code path isn't active in STDIO mode, the credential is still exposed in plaintext to anyone who extracts the bundle. Please move this to an environment variable or server-side configuration.Tool annotation accuracy β All 37 tools currently declare
openWorldHint: false, but every tool makes external API calls toapi.localfalcon.com. Please update toopenWorldHint: trueon all tools.We're happy to re-review once these are addressed. Feel free to reach out with any questions.