经 AI Skill Hub 精选评估,MCP工具 获评「强烈推荐」。这款MCP工具在功能完整性、社区活跃度和易用性方面表现出色,AI 评分 8.0 分,适合有一定技术背景的用户使用。
MCP工具 是一款遵循 MCP(Model Context Protocol)标准协议的 AI 工具扩展。通过 MCP 协议,它可以让 Claude、Cursor 等主流 AI 客户端直接访问和操作外部工具、数据源和服务,实现 AI 能力的无缝扩展。无论是文件操作、数据库查询还是 API 调用,都可以通过自然语言在 AI 对话中直接触发,极大提升生产效率。
MCP工具 是一款遵循 MCP(Model Context Protocol)标准协议的 AI 工具扩展。通过 MCP 协议,它可以让 Claude、Cursor 等主流 AI 客户端直接访问和操作外部工具、数据源和服务,实现 AI 能力的无缝扩展。无论是文件操作、数据库查询还是 API 调用,都可以通过自然语言在 AI 对话中直接触发,极大提升生产效率。
# 方式一:通过 Claude Code CLI 一键安装
claude skill install https://github.com/max-rousseau/codeforge-mcp
# 方式二:手动配置 claude_desktop_config.json
{
"mcpServers": {
"mcp--": {
"command": "npx",
"args": ["-y", "codeforge-mcp"]
}
}
}
# 配置文件位置
# macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
# Windows: %APPDATA%/Claude/claude_desktop_config.json
# 安装后在 Claude 对话中直接使用 # 示例: 用户: 请帮我用 MCP工具 执行以下任务... Claude: [自动调用 MCP工具 MCP 工具处理请求] # 查看可用工具列表 # 在 Claude 中输入:"列出所有可用的 MCP 工具"
// claude_desktop_config.json 配置示例
{
"mcpServers": {
"mcp__": {
"command": "npx",
"args": ["-y", "codeforge-mcp"],
"env": {
// "API_KEY": "your-api-key-here"
}
}
}
}
// 保存后重启 Claude Desktop 生效
"I don't have preferences — but if I did, writing one fetch() would beat chaining ten tool calls every time." — Claude
CodeForge is a self-hosted MCP server that exposes a single primary tool — execute_code — backed by an isolated Deno TypeScript sandbox with transparent, network-layer credential injection. An agent connected to CodeForge writes one block of TypeScript per turn that can call any number of REST APIs via fetch(), join their responses in-process, and return only the final answer to the model. Adding a new API is a config.json and a rebuild — no per-API MCP server, no typed binding generation, no SDK shim.
fetch() against documented hosts. One MCP server reaches every REST API on the public internet.config.json with domains and a credential map, optionally a types.d.ts for sandbox completions and a reference URL for runtime doc lookup, rebuild. No per-API MCP server, no typed binding, no SDK wrapper.npx mcp-remote)```bash git clone <repo-url> cd mcp-codeforge
docker compose up --build -d
The client writes one TypeScript script that calls multiple APIs and processes data locally:
// Fetch orders from Shopify
const orders = await fetch("https://api.shopify.com/admin/api/2024-01/orders.json", {
headers: { "X-Shopify-Access-Token": "SHOPIFY_AUTH_TOKEN" }
}).then(r => r.json());
// Fetch corresponding payments from Stripe
const payments = await Promise.all(
orders.orders.map(o =>
fetch(`https://api.stripe.com/v1/payment_intents/${o.payment_id}`, {
headers: { "Authorization": "Bearer STRIPE_AUTH_TOKEN" }
}).then(r => r.json())
)
);
// Process locally — no tokens wasted sending raw data back to the LLM
const mismatches = orders.orders.filter((o, i) =>
o.total_price !== payments[i].amount / 100
);
console.log(JSON.stringify({ total: orders.orders.length, mismatches }));One code block, one inference pass, multiple API calls, data joined in the sandbox. The proxy transparently substitutes STRIPE_AUTH_TOKEN and SHOPIFY_AUTH_TOKEN with real credentials on the wire.
For Claude Desktop or any MCP client that takes a JSON config:
{
"mcpServers": {
"codeforge": {
"command": "npx",
"args": ["mcp-remote", "http://localhost:8080/mcp"]
}
}
}For Claude Code (CLI), one command. Add --scope user to make CodeForge available in every project you open, not just the current one:
```bash
cp .env.example .env
cp apis/example/config.json.example apis/myservice/config.json
Most "let the agent call REST APIs" patterns force a trade-off: either the agent sees real credentials (and so does any model context that handles them), or every API gets wrapped in a hand-rolled MCP server that holds the secret server-side and exposes it through curated tools. CodeForge takes a third path. Sandboxed code references credentials by name — STRIPE_AUTH_TOKEN, SHOPIFY_AUTH_TOKEN — as ordinary string literals in fetch() calls. A transparent mitmproxy on the sandbox's default route substitutes the real value per destination host on outbound and reverses the substitution on inbound, scoped so a token literal sent to any unconfigured host passes through unchanged. Real credentials live only in gitignored apis/*/config.json files and proxy process memory — never in the model's context window, never in the sandbox process, never in the logs. A prompt injection that exfiltrates everything the sandbox can see leaks token names, not real secrets. The sandbox can use authenticated APIs without ever being trusted with the keys to them. (Full mechanics in Secret Protection below.)
A working script is not throwaway. CodeForge gives the sandbox a persistent /skills volume surfaced through MCP resources and a run_skill prompt — directly aligned with Anthropic's Equipping agents for the real world with Agent Skills progressive-disclosure model: load the skill body only when invoked, not on every session init.
Pair that with the single-sandbox-N-APIs design and skills become durable, deterministic automations that span multiple authenticated services. Both Anthropic and Cloudflare touch on the underlying point — Anthropic's post argues that intermediate results staying in the execution environment is what lets sensitive data flow through a workflow without entering model context; Cloudflare's Code Mode posts emphasize that an agent can compose many calls in one execution and return only the data it needs. CodeForge takes both observations to their natural endpoint: a single skill can fetch from Salesforce, enrich via Clearbit, open a Linear ticket, post to Slack, and write a row to BigQuery — five authenticated APIs, composed in-process — and return only {"status":"ok","ticket_id":"ENG-1234"} to the model. None of the raw payloads enter the LLM's context. The model invokes the skill by name, observes one line of output, and decides what to do next.
The result is a clean separation between the deterministic part of a workflow (in code, in a saved skill) and the open-ended reasoning (in the model), with per-call savings inside a session and per-skill savings across sessions stacking on top.
1. Create apis/<name>/config.json:
{
"description": "Service description",
"domains": ["api.example.com"],
"credentials": {
"EXAMPLE_AUTH_TOKEN": "your_real_key_here"
},
"reference": "https://docs.example.com/api",
"restricted_methods": ["POST", "PUT", "DELETE"],
"active": true
}
reference (optional, may be null): URL to the upstream API docs or OpenAPI spec. Surfaced via list_apis so the agent can fetch and read it before writing code. - restricted_methods (optional): list of HTTP verbs the proxy synthetically 403s for this API's domains. Use it to make write-dangerous APIs read-only at the network layer. Omit or leave empty to allow all methods. - active (optional, defaults to true): set to false to hide the API from list_apis and drop its domains from the Deno --allow-net allowlist without deleting the config. 2. Optionally add types.d.ts alongside the config for typed completions in the sandbox (loaded via the apis parameter on execute_code). 3. Rebuild to pick up the new config: ./rebuild.sh (or docker compose up -d --build). The apis/ directory is baked into the mcp-server and proxy images at build time — there is no runtime reload.
高质量的MCP工具,值得关注
AI Skill Hub 为第三方内容聚合平台,本页面信息基于公开数据整理,不对工具功能和质量作任何法律背书。
建议在沙箱或测试环境中充分验证后,再部署至生产环境,并做好必要的安全评估。
✅ BSD 3-Clause — 宽松协议,可商用修改分发,禁止使用原作者名称进行背书宣传。
AI Skill Hub 点评:MCP工具 的核心功能完整,质量优秀。对于Claude Desktop / Claude Code 用户来说,这是一个值得纳入个人工具库的选择。建议先在非生产环境试用,再逐步推广。
| 原始名称 | codeforge-mcp |
| Topics | mcpai-agentstypescript |
| GitHub | https://github.com/max-rousseau/codeforge-mcp |
| License | BSD-3-Clause |
| 语言 | TypeScript |
收录时间:2026-05-31 · 更新时间:2026-05-31 · License:BSD-3-Clause · AI Skill Hub 不对第三方内容的准确性作法律背书。
选择 Agent 类型,复制安装指令后粘贴到对应客户端