axecap
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@axecapaudit localhost:3000 for WCAG AA violations"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
@icjia/axecap
A lightweight local MCP server that runs axe-core accessibility audits via Playwright and returns compressed, actionable results optimized for Claude's context window. Where lightcap wraps Lighthouse (which embeds axe-core behind several layers of abstraction), axecap runs axe-core directly — giving full control over WCAG conformance level targeting (A, AA, AAA), rule selection, and element-level detail that Lighthouse filters or aggregates away.
Why?
A raw axe-core result object can be 50K-500K tokens — deeply nested JSON with HTML snippets, full DOM node references, related nodes, and verbose check arrays. AxeCap compresses that into ~30-150 lines of structured plain text that Claude can read and act on immediately.
The workflow that matters:
You: "Audit localhost:3000 for WCAG AA"
Claude: [calls audit_url] 14 violations (3 critical, 5 serious, 4 moderate, 2 minor)
Claude: "I see 3 critical violations. Let me fix them now."
Claude: [edits your source files]
You: "Run it again"
Claude: [calls audit_url] 6 violations (0 critical, 2 serious, 3 moderate, 1 minor)This audit → fix → re-audit loop is what makes an MCP server more valuable than the axe-core CLI.
Related MCP server: A11y MCP Server
Why not just use lightcap?
lightcap is the right tool when you want a holistic Lighthouse audit (performance + a11y + SEO + best practices). But lightcap's accessibility results come from Lighthouse's interpretation of axe-core, which:
Filters rules — Lighthouse includes ~40 of axe-core's ~90+ rules, dropping many AAA and best-practice rules
Loses granularity — Lighthouse aggregates axe results into its own scoring system; individual rule metadata (tags, impact, help URLs) is partially stripped
Cannot target conformance levels — you can't ask Lighthouse for "AAA only" or "just the delta between AA and AAA"
Merges axe-core's
incompletecategory into passes — axe-core distinguishes "passed," "failed," and "needs review" (incomplete); Lighthouse collapses the third
axecap solves all four. It's the precision tool for WCAG compliance work; lightcap is the broad-spectrum audit tool.
When to use which
Scenario | Tool |
Pre-deploy check (perf + a11y + SEO) | lightcap |
Quick a11y score with impact grouping | lightcap |
Targeted WCAG AA compliance audit | axecap |
AAA gap analysis (what would it take?) | axecap |
Audit specific rules (e.g., color-contrast only) | axecap |
Get detailed rule documentation mid-fix | axecap |
Look up which rules map to a WCAG criterion | axecap |
Multi-site performance + a11y sweep | lightcap |
Test a component's HTML without a server | axecap |
What it does
Runs axe-core audits directly (not through Lighthouse) for full rule-set access
Targets WCAG conformance levels: A, AA (default), AAA, or best-practice
AAA delta mode shows only the gap from AA to AAA ("what would it take?")
Audits specific axe-core rules by ID (e.g.,
color-contrast,image-alt)Audits raw HTML content without a running server (component testing)
Compresses ~50K-500K token axe-core JSON into ~30-150 lines of structured plain text
Groups violations by impact: critical, serious, moderate, minor
Includes WCAG criteria + conformance level per violation (e.g.,
[1.4.3 AA])Includes Deque University help URLs per violation
Includes "needs review" (incomplete) results as opt-in
Queries axe-core's rule registry without launching a browser (instant response)
Waits for SPA elements before auditing (
waitForparameter)Optionally saves full JSON results to disk for manual review
Reports server, axe-core, and Playwright version info with npm update availability
Standalone CLI for use outside of MCP clients
Runs as a local MCP server over stdio (no HTTP, no ports, no remote attack surface)
Installation
Prerequisites
Node.js >= 18 (check with
node --version)Claude Code, Cursor, or any MCP-compatible client (for MCP mode)
Playwright downloads Chromium automatically on first install — no separate browser install needed.
Option 1: npx (recommended, no install needed)
npx downloads and runs the package automatically. Nothing to install globally.
# Test that it works
npx -y @icjia/axecap --helpOption 2: Global install
npm install -g @icjia/axecapOption 3: Clone for development
git clone https://github.com/ICJIA/axecap-mcp.git
cd axecap-mcp
npm install
npx playwright install chromiumSetup with Claude Code
Claude Code manages MCP server lifecycle automatically — you register the server once, and Claude Code starts/stops it with each session.
Using npx (recommended)
# Register for all projects (user-level)
claude mcp add axecap -s user -- npx -y @icjia/axecap
# Or register for current project only
claude mcp add axecap -s project -- npx -y @icjia/axecapUsing a local clone
# Point directly at the source (for development)
claude mcp add axecap -s user -- node /absolute/path/to/axecap-mcp/src/server.jsManual config (edit settings.json directly)
If you prefer, edit ~/.claude/settings.json:
{
"mcpServers": {
"axecap": {
"command": "npx",
"args": ["-y", "@icjia/axecap"]
}
}
}Verify it's registered
Restart Claude Code after registering. You should see axecap listed when you run /mcp in Claude Code. Then test:
"Use axecap to audit http://localhost:3000 for WCAG AA"
Tool routing with lightcap, viewcap, and Chrome MCP
If you have lightcap, viewcap, and Chrome MCP registered alongside axecap, add this to your project's CLAUDE.md to ensure Claude uses the right tool for each task:
# Tool preferences
- For WCAG compliance audits (A/AA/AAA, specific rules, rule lookups), use the `axecap` MCP server (audit_url, audit_html, get_rules, get_rule_info, get_status).
- For Lighthouse audits (performance, accessibility, SEO, best practices), use the `lightcap` MCP server (run_audit, run_a11y, get_status).
- For all screenshots, use the `viewcap` MCP server (take_screenshot, capture_selector, take_screencast).
- For version info on MCP tools, use the relevant server's `get_status` tool.
- Use Chrome MCP for browser automation, DOM interaction, and navigation only.Setup with Cursor
Cursor supports MCP servers through its settings. Add axecap to your Cursor MCP configuration.
Global configuration
Edit ~/.cursor/mcp.json (create it if it doesn't exist):
{
"mcpServers": {
"axecap": {
"command": "npx",
"args": ["-y", "@icjia/axecap"]
}
}
}Project-level configuration
Create .cursor/mcp.json in your project root:
{
"mcpServers": {
"axecap": {
"command": "npx",
"args": ["-y", "@icjia/axecap"]
}
}
}After adding the configuration, restart Cursor. AxeCap's tools will be available to the AI assistant.
Setup with other MCP clients
AxeCap works with any MCP client that supports stdio transport. The server communicates over stdin/stdout using JSON-RPC (the MCP protocol). Configure your client to spawn:
npx -y @icjia/axecapNo HTTP ports, no environment variables, no API keys required.
MCP Tools
audit_url
Run an axe-core accessibility audit on a web page at a specified WCAG conformance level. Default audits A + AA rules (cumulative).
Parameter | Type | Default | Description |
| string | (required) | HTTP/HTTPS URL to audit |
| string |
| WCAG conformance level: |
| boolean |
| If true with |
| string[] | — | Run only these specific rule IDs (e.g., |
| number | 10 | Top N violations per impact group (max 15) |
| string |
|
|
| boolean |
| Include "needs review" results |
| string | — | CSS selector to wait for before auditing (for SPAs) |
| string | — | Save full JSON results to this directory |
Returns: Compressed plain text with violation count, impact grouping, WCAG criteria, CSS selectors, and help URLs.
Example output (page with violations at AA):
axe: http://localhost:3000 [desktop] AA — 14 violations (3c 5s 4m 2n)
── Critical (3 violations, 18 el) ──
✗ image-alt [1.1.1 A] (12 el)
→ img.hero-image
→ img.card-thumb (×8)
→ img.logo
→ img.partner-logo (×2)
→ (+7)
ℹ https://dequeuniversity.com/rules/axe/4.10/image-alt
✗ color-contrast [1.4.3 AA] (4 el)
→ p.subtitle
→ span.caption
→ a.nav-link
→ (+1)
ℹ https://dequeuniversity.com/rules/axe/4.10/color-contrast
✗ label [1.3.1 A] (2 el)
→ input#search
→ input#email
ℹ https://dequeuniversity.com/rules/axe/4.10/label
── Serious (5 violations, 11 el) ──
✗ heading-order [1.3.1 A] (1 el)
→ section.content > h4
ℹ https://dequeuniversity.com/rules/axe/4.10/heading-order
✗ link-name [2.4.4 A] (3 el)
→ a.icon-link, a.social-fb, a.social-tw
ℹ https://dequeuniversity.com/rules/axe/4.10/link-name
...
── Moderate (4 violations, 8 el) ──
...
── Minor (2 violations, 3 el) ──
...Example output (clean page):
axe: http://localhost:3000 [desktop] AA — 0 violationsOne line. ~20 tokens. No wasted context on a page that doesn't need fixing.
Example output (AAA delta):
axe: http://localhost:3000 [desktop] AAA (delta from AA) — 6 violations (0c 2s 3m 1n)
── Serious (2 violations, 5 el) ──
✗ link-in-text-block [1.4.1 A] (3 el)
→ a.inline-link (×3)
ℹ https://dequeuniversity.com/rules/axe/4.10/link-in-text-block
...audit_html
Run an axe-core audit on raw HTML content. Useful for testing components or generated markup without a running server. All network requests from embedded resources are blocked (SSRF-safe).
Parameter | Type | Default | Description |
| string | (required) | HTML content to audit |
| string |
| WCAG conformance level |
| string[] | — | Specific rule IDs to run |
| number | 10 | Top N per impact group |
| string |
|
|
| boolean |
| Include needs-review results |
Returns: Same compressed format as audit_url.
get_rules
List axe-core rules, optionally filtered by WCAG level or tag. Does not require a browser — instant response.
Parameter | Type | Default | Description |
| string | — | Filter to rules at this WCAG level ( |
| string | — | Filter to rules for a specific WCAG criterion (e.g., |
| string | — | Search rule IDs and descriptions (substring match) |
Example output:
axe-core rules (AA, 47 rules):
color-contrast [1.4.3 AA] serious — Elements must meet minimum color contrast ratio thresholds
image-alt [1.1.1 A] critical — Images must have alternate text
label [1.3.1 A] critical — Form elements must have labels
link-name [2.4.4 A] serious — Links must have discernible text
...get_rule_info
Get detailed information about a specific axe-core rule.
Parameter | Type | Default | Description |
| string | (required) | axe-core rule ID (e.g., |
Example output:
axe rule: color-contrast
Impact: serious
WCAG: 1.4.3 (AA)
Tags: wcag2aa, wcag143, cat.color
Help: Elements must meet minimum color contrast ratio thresholds
Help URL: https://dequeuniversity.com/rules/axe/4.10/color-contrastget_status
Returns server version, axe-core version, Playwright version, and update availability.
The "update available" check runs
npm view axe-core version, a one-time network call at server startup (5s timeout, non-blocking). Offline or behind a firewall it simply reports(latest)— no audit functionality depends on it.
Parameter | Type | Default | Description |
(none) | — | — | No parameters |
Example output:
axecap status
Server: @icjia/axecap v0.1.0
axe-core: v4.10.2 (latest: v4.10.2)
Playwright: v1.49.1
Node: v22.22.0
Platform: darwin arm64WCAG Conformance Level Targeting
This is the core differentiator from lightcap. WCAG conformance is cumulative: AAA includes all AA rules, which include all A rules. The level parameter handles this automatically — you don't need to think about tag composition.
| What it audits |
| Level A only |
| A + AA (everything AA compliance requires) |
| A + AA + AAA (full conformance) |
| Best practices only (not WCAG-mapped) |
Delta mode
For "what would it take to go from AA to AAA?", pass level: 'aaa' and delta: true. This returns only AAA-specific violations — the gap between your current AA compliance and full AAA conformance.
CLI (standalone usage)
AxeCap includes a standalone CLI for use outside of MCP clients:
# Install globally (or use npx)
npm install -g @icjia/axecap
# WCAG AA audit (default)
axecap audit http://localhost:3000
# WCAG AAA audit
axecap audit http://localhost:3000 --level aaa
# AAA delta (only AAA-specific violations)
axecap audit http://localhost:3000 --level aaa --delta
# Specific rules only
axecap audit http://localhost:3000 --rules color-contrast,image-alt
# Include "needs review" results
axecap audit http://localhost:3000 --include-incomplete
# Mobile viewport
axecap audit http://localhost:3000 --viewport mobile
# Wait for SPA element before auditing
axecap audit http://localhost:3000 --wait-for "#app-loaded"
# Save full JSON to directory
axecap audit http://localhost:3000 --directory ~/reports
# List AA rules
axecap rules --level aa
# Rules for a specific WCAG criterion
axecap rules --criterion 1.4.3
# Search rules
axecap rules --search contrast
# Rule detail
axecap rule-info color-contrast
# Check versions
axecap status
# Verbose logging
axecap --verbose audit http://localhost:3000When run without a subcommand, axecap starts in MCP server mode (stdio transport).
Usage examples
From Claude Code or Cursor, just ask naturally:
"Audit localhost:3000 for WCAG AA"
"Audit localhost:3000 for AAA and show only the delta from AA"
"Audit localhost:3000 with axecap, rules: aria-allowed-role"
"What axe-core rules cover WCAG criterion 1.4.3?"
"Get info on the color-contrast rule"
"Audit this HTML for accessibility: <img src='photo.jpg'>"
"What version of axecap is running?"
"Fix all critical and serious violations, then re-audit"Compression strategy
The central design principle: zero tokens on passes, maximum detail on failures.
Every tool response must be small enough that Claude retains room to reason and act. A raw axe-core result object can be 50K-500K tokens. AxeCap compresses that to ~20-2,000 tokens depending on the number of violations.
Context window impact
Scenario | Lines | Tokens (~) | vs. Raw JSON |
Clean page (0 violations) | 1 | ~20 | 99.99% smaller |
Page with 5 violations | ~20-30 | ~500 | 99.90% smaller |
Heavy violation page (30+ rules) | ~80-150 | ~2,000 | 99.60% smaller |
Rule info lookup | ~10-15 | ~200 | — |
Rule list (filtered) | ~20-40 | ~600 | — |
Raw axe-core JSON (NEVER returned) | ~5K-50K | ~50K-500K | — |
How compression works
axe-core returns deeply nested JSON with HTML snippets, full DOM node references, related nodes, and verbose any/all/none check arrays. The compression engine applies:
Violations only by default — passes and inapplicable rules skipped entirely (zero tokens)
Incomplete (needs-review) as opt-in — returned only when
includeIncomplete: trueCompact header — URL, conformance level, violation count, impact summary on one line
Impact grouping — critical/serious/moderate/minor with shorthand:
3c 5s 4m 2nCSS selectors only — no HTML snippets, no full DOM node trees
Selector deduplication —
img.card (x8)not eight separate entriesSelector truncation — capped at 60 chars
Selector sanitization — non-CSS characters stripped to prevent prompt injection
WCAG tags extracted —
wcag111->1.1.1, with conformance level:[1.1.1 A]Top N violations per impact group — configurable, default 10
Tiered element detail — critical/serious show 5 elements, moderate/minor show 3
Help URL included per rule — one-line Deque University reference link
Hard cap — 200 lines / 50,000 chars
What is never returned: raw axe JSON, full HTML snippets, DOM node trees, related node arrays, any/all/none check detail, inapplicable rules.
Why plain text, not JSON?
JSON wastes tokens on syntax ({, }, "key":, quotes). Plain structured text is ~30% fewer tokens than equivalent JSON, easier for Claude to scan, and still structured enough to act on.
Testing
# Run all tests
npm test
# Run a specific test file
node --test test/compress.test.jsThe test suite covers:
URL validation — scheme whitelist, blocking of file:/data:/javascript:/ftp: schemes
Metadata endpoint blocking — AWS, GCP, Azure cloud metadata endpoints
IP blocking — localhost bypass, full 127.x loopback range, all RFC1918 172.16-31.x ranges
waitFor validation — CSS-only enforcement, blocking of text=/xpath=/>> pseudo-selectors
Sanitization — control char stripping, newline removal, zero-width char removal, CSS-safe selector filtering
Compression — impact grouping, WCAG criterion extraction, selector deduplication, tiered element detail, delta mode filtering, output line + char limits
Rule queries — level filtering, criterion filtering, search, rule info lookup
Error sanitization — known-safe passthrough, connection/timeout/DNS mapping, path leakage prevention
Config sanity — all numeric limits positive, WCAG level tag cumulation, security constants
Local development
There is no build step. AxeCap is plain JavaScript with ES modules. The source files are what ships to npm.
Edit source files
|
v
Restart Claude Code (re-spawns the server from source)
|
v
Test by talking to Claude Code ("audit localhost:3000 for WCAG AA")
|
v
See a bug? Edit the file, restart Claude Code, repeat.Quick development setup
# 1. Clone and install
git clone https://github.com/ICJIA/axecap-mcp.git
cd axecap-mcp
npm install
npx playwright install chromium
# 2. Register your local copy with Claude Code
claude mcp add axecap -s user -- node $(pwd)/src/server.js
# 3. Restart Claude Code
# 4. Spin up a test target in another terminal
npx serve -l 3000 .
# 5. Test from Claude Code:
# "Use axecap to audit http://localhost:3000 for WCAG AA"
# "Audit localhost:3000 for AAA and show only the delta from AA"
# "What axe-core rules cover WCAG criterion 1.4.3?"After editing source files, restart Claude Code to pick up changes (the server is re-spawned fresh each startup).
Architecture
src/
├── server.js ........... MCP server init + 5 tool registrations + version tracking
├── runner.js ........... Playwright launch + axe-core injection + URL/directory validation
├── compress.js ......... axe results → compressed plain text (the core of the server)
├── rules.js ............ axe-core rule registry queries (metadata, tags, filtering)
├── cli.js .............. Commander-based standalone CLI
└── config.js ........... Constants, WCAG level tags, logging helperFile | Role |
| MCP init, Zod schemas for 5 tools, request routing, error handling |
| Playwright lifecycle, axe-core injection via |
|
|
|
|
|
|
|
|
Dependencies
Package | Purpose |
| MCP server SDK (stdio transport, tool registration) |
| Deque axe-core accessibility engine (MPL 2.0) — injected into page context |
| Browser automation (launches Chromium, navigates, runs |
| CLI subcommand parsing |
| Schema validation for MCP tool parameters |
| Peer dependency of |
Not needed (unlike lightcap):
No
lighthouse— axe-core is the engineNo
chrome-launcher— Playwright manages ChromiumNo
sharp— no image processingNo
@axe-core/playwright— we injectaxe.sourcedirectly for full control
Security
AxeCap runs locally over stdio — no network listener, no ports, no remote attack surface. Security mitigations focus on preventing SSRF, prompt injection, and resource exhaustion.
SSRF prevention
Scheme whitelist: Only
http:andhttps:URLs are allowed.file://,data:,javascript:,ftp://, and all other schemes are blocked.Metadata / unspecified-address blocklist: AWS (
169.254.169.254), GCP (metadata.google.internal), Azure (metadata.azure.com), and the unspecified addresses0.0.0.0and[::]are blocked by hostname. Genuine loopback (localhost,127.0.0.1,::1) remains allowed so local dev servers can be audited; the "all interfaces" addresses are treated as blocked, not as loopback.Private IP range blocklist: All RFC1918 ranges (
10.x,172.16–31.x,192.168.x), full loopback (127.x), "this network" (0.x), CGNAT shared space (100.64.0.0/10, RFC6598), IPv4 link-local (169.254.x), IPv6 link-local (fe80::/10), IPv6 unique-local (fullfc00::/7— both thefcandfdhalves), and IPv6 unspecified/loopback (::,::1) are blocked.IPv6-mapped IPv4 normalization: Addresses like
::ffff:169.254.169.254are normalized before classification.Multi-address DNS check: Hostnames are resolved with
{ all: true }and blocked if any returned address is private — defends against hosts that publish a mix of public and internal records.Fail-closed DNS: If hostname resolution fails, the request is blocked (not allowed).
Post-navigation URL recheck: After Playwright navigates,
page.url()is validated against the same blocklist — catches HTTP redirect chains and DNS rebinding attacks.Sub-resource filtering (
audit_url): The loaded page's own requests (images, scripts,fetch) are intercepted; any request to a metadata endpoint or private IP literal is aborted, so an audited page cannot reach the cloud metadata service or probe the LAN. Public resources (CDNs) and loopback are allowed, matching the navigation policy.HTML audit network blocking:
audit_htmlblocks all network requests viapage.route('**/*', route => route.abort()), preventing SSRF via embedded resources like<img src="http://169.254.169.254/...">.
Known limitation: DNS for hostnames is resolved once at validation time, not re-checked at connection time, and sub-resource hostnames are not re-resolved. A determined DNS-rebinding attacker controlling a domain could still target their own internal network; the metadata/private-IP-literal blocks above are the primary defense.
Prompt injection prevention
Output sanitization: All page-controlled content (CSS selectors, rule IDs) is stripped of control characters (C0/C1), newlines, zero-width chars, and BOM before being included in output.
CSS-safe selector sanitization: Selectors are additionally stripped of non-CSS characters, blocking crafted class names designed to inject instructions.
Selector truncation: CSS selectors are capped at 60 characters.
Help text truncation: Help text capped at 120 characters.
Character budget: Total output is capped at 50,000 characters (in addition to the 200-line cap).
HTML snippets never returned: axe-core's
node.htmlfield (contains raw page HTML) is never included in output — CSS selectors only.Dialog auto-dismiss:
page.on('dialog', ...)dismisses alert/confirm/prompt dialogs that could block execution.
waitFor selector validation
The waitFor parameter is restricted to CSS selectors only. Playwright pseudo-selectors (text=, xpath=, >>, css=, _react=, _vue=) are blocked.
Directory traversal prevention
Output paths are validated against the user's home directory and
/tmponly.The deepest existing ancestor directory is resolved via
realpathSyncbefore any new directories are created, preventing TOCTOU symlink swap attacks.After creation, the final path is re-verified against allowed roots (belt and suspenders).
Error message safety
Error messages returned to the AI are sanitized through an allowlist. Known safe messages pass through; common error types (connection refused, timeout, DNS failure) are mapped to generic messages; unknown errors return
'Audit failed'with details logged to stderr only.
Resource limits
Resource | Limit | Enforced By |
Concurrent audits | 2 max | runner.js (slot gate, fail-fast beyond) |
Page load timeout | 30s | Playwright |
axe-core execution timeout | 30s |
|
Total audit timeout | 60s | Promise.race in runner.js |
URL length | 2048 chars | Zod schema |
HTML input length | 500KB | Zod schema |
Directory path length | 500 chars | Zod schema |
Violations per impact group | 15 max | Zod schema + compress.js |
Elements per violation | 5 shown | compress.js |
Selector length | 60 chars | compress.js |
Help text length | 120 chars | compress.js |
Output lines | 200 max | compress.js |
Output characters | 50,000 max | compress.js |
Browser process | killed in finally | runner.js |
No raw data exposure
Full axe-core JSON is never returned to Claude. JSON can only be saved to disk (for human review) via the directory parameter. The compression engine is the only path from axe-core results to Claude's context.
Configuration flags
Flag | Description |
| Log audit timing, browser lifecycle, compression details |
| Log errors only |
ICJIA-specific usage
ADA Title II compliance (April 24, 2026 deadline)
The audit → fix → re-audit loop is the primary workflow:
You: "Audit localhost:3000 for WCAG AA with axecap"
You: "Fix all critical and serious violations"
You: "Run it again — how many violations remain?"
You: "Now show me what AAA violations exist (delta mode)"
You: "Which of those are feasible to fix?"The sia-r110 problem
For pages flagged with "All roles are invalid" from Vuetify's auto-generated role attributes:
You: "Audit localhost:3000 with axecap, rules: aria-allowed-role"This runs only the relevant rule, returning exactly the elements with invalid roles. lightcap can't do this.
Pre-deploy checks
Add to your project's CLAUDE.md:
# Deploy checklist
Before any deploy to production:
1. Run `axecap audit_url` against localhost with level AA
2. Verify 0 critical violations and 0 serious violations
3. Run `lightcap run_audit` for performance + SEO baselineClean-room notice
This project's design is informed by axe-core's public documentation, API, and rule registry. This is an original implementation. axe-core is used as a library dependency (Mozilla Public License 2.0). Playwright is used for browser automation (Apache 2.0). No code from third-party axe wrapper packages (e.g., @axe-core/cli, @axe-core/playwright, accessibility-checker) is used.
License
MIT. See LICENSE.
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/ICJIA/axecap-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server