Skip to main content
Glama

GLM-4.6 MCP Server

by bobvasic
GitHub
TypeScript
MIT License
3
OverviewInspectNewEndpointsSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue
SECURITY_CHECKLIST.md2.64 kB
# Security Checklist for GitHub Publication ## ✅ Verified - Safe to Push ### Files Containing NO Secrets (Safe) - ✅ `README.md` - All paths sanitized to generic placeholders - ✅ `DEPLOYMENT.md` - All paths and keys replaced with templates - ✅ `ARCHITECTURE.md` - No sensitive information - ✅ `package.json` - No secrets - ✅ `tsconfig.json` - Configuration only - ✅ `src/index.ts` - Source code only - ✅ `src/glm-client.ts` - Source code only - ✅ `warp-mcp-config.json` - Template with placeholders - ✅ `.env.example` - Template only - ✅ `LICENSE` - Public license ### Files Protected by .gitignore (Will NOT be pushed) - 🔒 `.env` - Contains your actual API key - 🔒 `WARP_CONFIG.json` - Contains your actual configuration - 🔒 `build/` - Compiled output (user-generated) - 🔒 `node_modules/` - Dependencies (user-installed) ### Placeholders Used (Safe) - ✅ API Key: `your_glm_api_key_here` (instead of actual key) - ✅ Paths: `/absolute/path/to/glm-mcp-server` (instead of `/home/bob/glm-mcp-server`) - ✅ User: `youruser` (instead of `bob`) --- ## Pre-Push Verification Commands Run these before `git push`: ```bash # 1. Verify .env is ignored git status | grep ".env" # Expected: Nothing (file should be ignored) # 2. Check for API keys in tracked files grep -r "bab62d7" . --exclude-dir=node_modules --exclude-dir=.git --exclude=.env # Expected: Only shows .env (which is gitignored) # 3. Check for personal paths in tracked files grep -r "/home/bob" . --exclude-dir=node_modules --exclude-dir=.git --exclude=.env # Expected: "No matches found" or empty # 4. List files that will be committed git add -n . # Review the list - should NOT include .env or WARP_CONFIG.json # 5. Final check - show what git will track git ls-files | grep -E "(\.env|WARP_CONFIG)" # Expected: Nothing (these should not be tracked) ``` --- ## Safe to Push When ✅ All placeholders are generic ✅ `.env` is in `.gitignore` ✅ `WARP_CONFIG.json` is in `.gitignore` ✅ No API keys in any tracked files ✅ No personal paths (`/home/bob`) in documentation --- ## If You Accidentally Committed Secrets ```bash # Remove from git history (USE WITH CAUTION) git filter-branch --force --index-filter \ "git rm --cached --ignore-unmatch .env WARP_CONFIG.json" \ --prune-empty --tag-name-filter cat -- --all # Then force push (dangerous - only for your own repos) git push origin --force --all ``` **Better Prevention**: Always verify with `git diff --cached` before committing. --- **Repository is now safe for open source publication.** Maintained by: CyberLink Security <info@cyberlinksec.com>

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/bobvasic/glm-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server