vikunja-mcp
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@vikunja-mcpwhat's on my task list?"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
vikunja-mcp
An MCP server for Vikunja task management, designed to work as a claude.ai / Claude Desktop custom connector — so Claude can view, add, complete, edit, and delete your tasks from the web or desktop app.
Talks to Vikunja's REST API with a personal API token. Targets Vikunja v0.24+ / v2.x (task listing via project views; updates send the full task object so nothing gets zeroed). Built with FastMCP; authentication uses GitHub OAuth via FastMCP's OAuth proxy, restricted to an allowlist of GitHub usernames.
Tools
Tool | Description |
| Show projects; marks the default |
| Create a new project |
| Open tasks (or all with |
| Full detail for one task, including notes |
| Add a task — due date, priority, notes |
| Toggle done |
| Change title / due / priority / notes |
| Permanent delete; requires |
Tasks are matched by numeric id or title substring; ambiguous matches return
candidates so the model can retry with an id. Tools without project target your
default project (VIKUNJA_DEFAULT_PROJECT, falling back to Inbox, then the first
project). Priority uses Vikunja's scale: 1 low → 5 DO NOW (higher = more urgent).
Related MCP server: Vikunja MCP Server
Setup
1. Vikunja API token
In Vikunja: Settings → API Tokens → Create a token. Grant it read/write on
Projects and Tasks (add other scopes only if you extend the server). The
token goes in VIKUNJA_API_TOKEN (or a secret file via VIKUNJA_API_TOKEN_FILE).
2. GitHub OAuth app (connector authentication)
https://github.com/settings/developers → OAuth Apps → New OAuth App.
Authorization callback URL:
https://vikunja-mcp.example.com/auth/callback(yourMCP_BASE_URL+/auth/callback).Register, generate a client secret, and set
GITHUB_CLIENT_ID/GITHUB_CLIENT_SECRET/ALLOWED_GITHUB_USERS.
Leaving the client ID/secret unset runs the server unauthenticated — local testing only.
3. Configuration reference
Variable | Required | Description |
| yes | Vikunja base URL, e.g. |
| yes | API token (or |
| no | Default project title or id (default |
| no | Timezone for due-date input/display |
| with auth | Public URL of this server |
| with auth | OAuth app credentials (or |
| with auth | Comma-separated GitHub logins allowed in |
| no |
|
| no | Redirect-URI patterns clients may register (default: claude.ai callback + localhost) |
| no | Bind address ( |
| no | OAuth client-registration storage ( |
4. Run it
See compose.example.yml. Expose it publicly at
MCP_BASE_URL through your reverse proxy; optionally restrict ingress to Anthropic's
egress range (160.79.104.0/21). Persist /data or connected clients must
re-authorize after every restart.
5. Verify, then connect Claude
npx @modelcontextprotocol/inspector # → https://vikunja-mcp.example.com/mcpThen claude.ai (or Claude Desktop) → Settings → Connectors → Add custom connector with the same URL. You'll land on GitHub's authorize page; approve, and the tools appear. Ask Claude: "what's on my task list?"
Why CONSENT_MODE=external is the default
FastMCP's built-in consent page (as of 3.4.4) regenerates its CSRF token on every GET
of the consent URL. Browsers and claude.ai routinely prefetch that URL, invalidating
the token the visible page holds, so submitting the form fails with "Invalid or
expired consent token". external skips that page and delegates consent to GitHub's
own authorization screen. The client redirect-URI allowlist (claude.ai + localhost by
default) prevents the classic risk of a consent-less flow — an arbitrary
dynamically-registered client silently capturing an authorization code.
Failure modes
401 from Vikunja → the API token is wrong, expired, or revoked; create a new one.
403 from Vikunja → the token is missing a scope for that operation — recreate it with Projects + Tasks read/write.
GitHub login succeeds but tools are denied → your login isn't in
ALLOWED_GITHUB_USERS(check logs fordenied authenticated GitHub user).Connector breaks after a redeploy →
/datawasn't persisted, or the GitHub client secret changed (registration storage is keyed to it). Re-add the connector.
Development
uv sync
uv run pytestLicense
MIT
This server cannot be installed
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/crosbyh/vikunja-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server