io.github.jztan/redmine-mcp-server

io.github.jztan/redmine-mcp-server·v2.3.0·Security

Production-ready MCP server for Redmine with security, pagination, and enterprise features

Trust verdict · v1 advisory · method

NOT YET SCREENEDno verdict on file

Verdict not yet evaluated for this tool. The semantic screen takes adversarial cases first; coverage rolls out as the corpus expands (15/150 labels to graduation). The deterministic conformance probe is built but has not yet run on the public corpus, so a recorded verdict here is REVIEW or UNVERIFIED, never a clearing ALLOW. Until a verdict is recorded, an agent should treat this tool as not-yet-cleared and fall back to its own checks. Method: the eval, four-state verdict, honest limits.

Own this server? Screen its description →

Environment variables

REDMINE_URL

required

URL of your Redmine server (e.g., https://your-redmine-server.com)

REDMINE_USERNAME

Redmine username for authentication (alternative to API key)

REDMINE_PASSWORD

secret

Redmine password for authentication (alternative to API key)

REDMINE_API_KEY

secret

Redmine API key for authentication (alternative to username/password)

SERVER_HOST

Host address for the MCP server (default: 0.0.0.0)

SERVER_PORT

Port for the MCP server (default: 8000)

PUBLIC_HOST

Public hostname for file download URLs (default: localhost)

PUBLIC_PORT

Public port for file download URLs (default: 8000)

ATTACHMENTS_DIR

Directory for storing downloaded attachments (default: ./attachments)

AUTO_CLEANUP_ENABLED

Enable automatic cleanup of expired files (default: true)

CLEANUP_INTERVAL_MINUTES

Interval between cleanup runs in minutes (default: 10)

ATTACHMENT_EXPIRES_MINUTES

Default expiry time for attachments in minutes (default: 60)

MCP quality score · maturity, not trust · methodology

freshness

completeness

installability

documentation

stability

Alternatives in Security

ai.dynamicfeed/dynamic-feed

87 keyless tools of live, verifiable data for AI: weather, hazards, space, CVEs. Ed25519-signed.

Helixar Security

ai.helixar/mcp

Security tools for AI agents: scan MCP servers, validate HDP delegation chains, audit releases.

RFP.ai

ai.rfp/rfp-ai

Draft cited RFP and security questionnaire answers from your knowledge base, with human review

Install

Claude Desktop (uvx)

{
  "mcpServers": {
    "redmine-mcp-server": {
      "command": "uvx",
      "args": [
        "redmine-mcp-server"
      ],
      "env": {
        "REDMINE_URL": "<redmine_url>",
        "REDMINE_USERNAME": "<redmine_username>",
        "REDMINE_PASSWORD": "<your-redmine_password>",
        "REDMINE_API_KEY": "<your-redmine_api_key>",
        "SERVER_HOST": "0.0.0.0",
        "SERVER_PORT": "8000",
        "PUBLIC_HOST": "localhost",
        "PUBLIC_PORT": "8000",
        "ATTACHMENTS_DIR": "./attachments",
        "AUTO_CLEANUP_ENABLED": "true",
        "CLEANUP_INTERVAL_MINUTES": "10",
        "ATTACHMENT_EXPIRES_MINUTES": "60"
      }
    }
  }
}

Verdict API

curl -s mcpindex.ai/api/v1/trust/server/io-github-jztan-redmine-mcp-server

Free-tier verdict as JSON: decision + dimensions + severity. Call it from your agent before it invokes a tool it just discovered.

Details

version: v2.3.0
category: Security
quality: 85 / 100
operator: jztan

Provenance

Verdict history is anchored to Bitcoin via OpenTimestamps. The free tier returns the current verdict only; the anchored record is served on the authenticated tier.

Links

Repository →