mcp-proxy
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@mcp-proxyfetch https://api.github.com/users/octocat"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
mcp-proxy
MCP server that bypasses Claude Desktop sandbox network restrictions.
Claude Desktop runs in a restricted sandbox that blocks many network operations and CLI tools that need internet access. This MCP server provides three tools that run outside the sandbox, enabling Claude to:
Fetch any URL (API calls, web scraping, downloads)
Execute network-capable CLI tools (yt-dlp, curl, ffmpeg, etc.)
Read files created by those tools (subtitle files, downloads, etc.)
Installation
Quick Install (via GitHub)
Add to ~/Library/Application Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"proxy": {
"command": "npx",
"args": ["-y", "github:CodefiLabs/claude-desktop-skills-proxy"]
}
}
}Restart Claude Desktop for changes to take effect. The server will be automatically downloaded and run.
Local Development
git clone https://github.com/CodefiLabs/claude-desktop-skills-proxy.git
cd claude-desktop-skills-proxy
npm install
npm run buildThen configure Claude Desktop to use the local build:
{
"mcpServers": {
"proxy": {
"command": "node",
"args": ["/path/to/claude-desktop-skills-proxy/dist/index.js"]
}
}
}Related MCP server: Python MCP Custom Server
Tools
proxy_fetch
Make HTTP requests to any URL. Supports all common HTTP methods.
Parameters:
Parameter | Type | Required | Description |
| string | Yes | The URL to fetch |
| string | No | HTTP method: GET, POST, PUT, DELETE, PATCH, HEAD (default: GET) |
| object | No | Custom HTTP headers as key-value pairs |
| string | No | Request body for POST/PUT/PATCH |
| number | No | Timeout in milliseconds (default: 30000) |
| string | No | Domain approval: "once" or "always" |
Example - Simple GET:
{
"url": "https://api.github.com/users/octocat"
}Example - POST with headers:
{
"url": "https://api.example.com/data",
"method": "POST",
"headers": {
"Content-Type": "application/json",
"Authorization": "Bearer token123"
},
"body": "{\"key\": \"value\"}"
}Example - Approve new domain:
{
"url": "https://newsite.com/api",
"approve": "always"
}network_exec
Execute CLI commands that require network access. Uses secure spawn() instead of shell execution.
Parameters:
Parameter | Type | Required | Description |
| string | Yes | The command to execute (e.g., "yt-dlp", "curl") |
| array | No | Command arguments as array |
| string | No | Working directory |
| object | No | Additional environment variables |
| number | No | Timeout in milliseconds (default: 60000) |
| string | No | Command approval: "once" or "always" |
Example - Download video with yt-dlp:
{
"command": "yt-dlp",
"args": ["--output", "video.mp4", "https://youtube.com/watch?v=dQw4w9WgXcQ"],
"cwd": "/Users/kk/Downloads",
"approve": "always"
}Example - Fetch with curl:
{
"command": "curl",
"args": ["-s", "https://api.ipify.org?format=json"],
"approve": "once"
}Example - Convert video with ffmpeg:
{
"command": "ffmpeg",
"args": ["-i", "input.mp4", "-c:v", "libx264", "output.mp4"],
"cwd": "/Users/kk/Videos",
"timeout": 300000
}read_file
Read files from the host filesystem. Useful for reading files created by network_exec (e.g., subtitle files from yt-dlp).
Parameters:
Parameter | Type | Required | Description |
| string | Yes | Absolute path to the file to read |
| string | No | "utf8" (default) or "base64" for binary files |
| number | No | Maximum file size in bytes (default: 5MB) |
Example - Read subtitle file:
{
"path": "/tmp/video.en.vtt"
}Example - Read binary file as base64:
{
"path": "/tmp/image.png",
"encoding": "base64"
}Workflow for yt-dlp subtitles:
Download subtitles with
network_exec:{ "command": "yt-dlp", "args": ["--write-auto-sub", "--skip-download", "-o", "/tmp/%(id)s", "VIDEO_ID"], "approve": "always" }Read the subtitle file with
read_file:{ "path": "/tmp/VIDEO_ID.en.vtt" }
Blocked paths: Sensitive files like ~/.ssh/*, ~/.aws/*, /etc/shadow, .env files, and credential files are blocked for security.
Approval Flow
When accessing a new domain or running a new command, the tool returns a needs_approval status:
{
"status": "needs_approval",
"domain": "example.com",
"message": "Domain \"example.com\" is not in your allowlist. To proceed, call proxy_fetch again with approve: \"once\" for this request only, or approve: \"always\" to remember this domain."
}Approval options:
"once"- Allow for this single request only"always"- Add to allowlist and remember for future requests
Once approved with "always", subsequent requests to that domain/command work automatically.
Security
Blocked Domains (SSRF Protection)
The following domains are always blocked to prevent Server-Side Request Forgery attacks:
localhost,127.0.0.1,::1- Loopback addresses169.254.169.254- AWS metadata endpoint10.*,172.16-31.*,192.168.*- Private IP rangesfe80:*,fc00:*,fd00:*- IPv6 private/link-local
Blocked Commands
These commands are blocked for security:
Destructive:
rm,rmdir,del,mvPrivilege escalation:
sudo,su,doasPermissions:
chmod,chown,chgrpSystem:
mkfs,fdisk,dd,formatPackage managers:
apt,brew,yum, etc.Shells:
bash,sh,zsh, etc.Network abuse:
nc,netcat,telnet
Argument Validation
Shell operators are blocked in command arguments to prevent injection:
;,|,&&,||- Command chaining>,<- Redirects$(,`,${- Command/variable substitution
Rate Limiting
Requests are rate-limited to prevent abuse:
60 requests per minute per domain/command
Automatic cooldown with retry-after information
Configuration
Configuration is stored at ~/.config/mcp-proxy/config.json:
{
"allowedDomains": ["api.github.com", "example.com"],
"blockedDomains": ["localhost", "127.0.0.1", "..."],
"allowedCommands": ["yt-dlp", "curl", "ffmpeg"],
"blockedCommands": ["rm", "sudo", "..."]
}The file is created automatically on first use. User-approved domains/commands are added to the allowlists. Security blocklists cannot be overridden.
Development
# Build
npm run build
# Watch mode
npm run watch
# Test with MCP Inspector
npx @modelcontextprotocol/inspector node dist/index.jsLicense
MIT
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/CodefiLabs/claude-desktop-skills-proxy'
If you have feedback or need assistance with the MCP directory API, please join our Discord server