stillvault-mcp

Overview Schema Related Servers Score Discussions

Run a command with a Stillvault secret

stillvault_run

Run a local command, resolving stillvault:// secret references after a human approves the release. The secret is injected into the child process and never returned to you.

Instructions

PREFERRED way to use a secret. Runs a local command, resolving any stillvault://<path> references after a named human approves the release. The secret is injected into the child process and is NEVER returned to you or shown in this conversation — you get only the command's output. The call blocks until a human approves on their device (or times out). Examples: run psql with stillvault://db/prod/dsn as an argument, or curl an API with a key in a header. Prefer this over stillvault_reveal whenever you just need to use the secret rather than read its value.

Input Schema

TableJSON Schema

Name	Required	Description
`command`	Yes	The executable to run, e.g. "psql", "curl", or "./deploy.sh".
`args`	No	Arguments to pass. Any `stillvault://<path>` here is replaced with the secret value after approval. To embed a reference inside a longer string, wrap it: `{{stillvault://<path>}}` (e.g. `url={{stillvault://api/base}}/v1`). Ignored for substitution when `secret_env` is used.
`secret_env`	No	Environment variables for the child whose VALUES contain `stillvault://<path>` references (e.g. {"DATABASE_URL": "stillvault://db/prod/dsn"}). Using this switches to the safer mode where secrets go in the child's environment, not its command line. In this mode, references in `args` are passed through literally.

Tool Definition Quality

A4.9/5.0

Behavior5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden. It discloses that secrets are never returned, only output is shown, and that the call blocks for human approval. This fully informs the agent of the tool's safety and behavior.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is well-structured and front-loaded with the key purpose. It is slightly verbose but every sentence adds value, including examples and edge cases. A minor reduction for not being as terse as possible, but still very efficient.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (secrets, human approval, multiple param modes), the description covers all necessary aspects: blocking, injection, substitution syntax, and comparison with sibling. No output schema is needed as output is command-dependent.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters5/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

All three parameters have schema descriptions, and the description adds significant value beyond them: explains substitution syntax, secret_env mode, and when args are ignored. This enriches the agent's understanding beyond the structured schema.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool runs a local command with a secret from Stillvault, distinguishing it from stillvault_reveal by specifying when to use each. The verb 'run' and resource 'command with secret' are explicit.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly says to prefer this over stillvault_reveal for using secrets, and provides examples (psql, curl). It also notes the human approval step and blocking behavior, giving clear context for when to invoke this tool.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Wolstapp/stillvault-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server