
Research
PyPI Package Disguised as Instagram Growth Tool Harvests User Credentials
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
graphlit-mcp-server
Advanced tools
The Model Context Protocol (MCP) Server enables integration between MCP clients and the Graphlit service. This document outlines the setup process and provides a basic example of using the client.
Ingest anything from Slack, Discord, websites, Google Drive, email, Jira, Linear or GitHub into a Graphlit project - and then search and retrieve relevant knowledge within an MCP client like Cursor, Windsurf, Goose or Cline.
Your Graphlit project acts as a searchable, and RAG-ready knowledge base across all your developer and product management tools.
Documents (PDF, DOCX, PPTX, etc.) and HTML web pages will be extracted to Markdown upon ingestion. Audio and video files will be transcribed upon ingestion.
Web crawling and web search are built-in as MCP tools, with no need to integrate other tools like Firecrawl, Exa, etc. separately.
You can read more about the MCP Server use cases and features on our blog.
Watch our latest YouTube video on using the Graphlit MCP Server with the Goose MCP client.
For any questions on using the MCP Server, please join our Discord community and post on the #mcp channel.
Before you begin, ensure you have the following:
The Graphlit MCP Server supports environment variables to be set for authentication and configuration:
GRAPHLIT_ENVIRONMENT_ID
: Your environment ID.GRAPHLIT_ORGANIZATION_ID
: Your organization ID.GRAPHLIT_JWT_SECRET
: Your JWT secret for signing the JWT token.You can find these values in the API settings dashboard on the Graphlit Platform.
For quick installation, use one of the one-click install buttons below:
For manual installation, add the following JSON block to your User Settings (JSON) file in VS Code. You can do this by pressing Ctrl + Shift + P
and typing Preferences: Open User Settings (JSON)
.
Optionally, you can add it to a file called .vscode/mcp.json
in your workspace. This will allow you to share the configuration with others.
Note that the
mcp
key is not needed in the.vscode/mcp.json
file.
{
"mcp": {
"inputs": [
{
"type": "promptString",
"id": "organization_id",
"description": "Graphlit Organization ID",
"password": true
},
{
"type": "promptString",
"id": "environment_id",
"description": "Graphlit Environment ID",
"password": true
},
{
"type": "promptString",
"id": "jwt_secret",
"description": "Graphlit JWT Secret",
"password": true
}
],
"servers": {
"graphlit": {
"command": "npx",
"args": ["-y", "graphlit-mcp-server"],
"env": {
"GRAPHLIT_ORGANIZATION_ID": "${input:organization_id}",
"GRAPHLIT_ENVIRONMENT_ID": "${input:environment_id}",
"GRAPHLIT_JWT_SECRET": "${input:jwt_secret}"
}
}
}
}
}
To install graphlit-mcp-server in Windsurf IDE application, Cline should use NPX:
npx -y graphlit-mcp-server
Your mcp_config.json file should be configured similar to:
{
"mcpServers": {
"graphlit-mcp-server": {
"command": "npx",
"args": [
"-y",
"graphlit-mcp-server"
],
"env": {
"GRAPHLIT_ORGANIZATION_ID": "your-organization-id",
"GRAPHLIT_ENVIRONMENT_ID": "your-environment-id",
"GRAPHLIT_JWT_SECRET": "your-jwt-secret",
}
}
}
}
To install graphlit-mcp-server in Cline IDE application, Cline should use NPX:
npx -y graphlit-mcp-server
Your cline_mcp_settings.json file should be configured similar to:
{
"mcpServers": {
"graphlit-mcp-server": {
"command": "npx",
"args": [
"-y",
"graphlit-mcp-server"
],
"env": {
"GRAPHLIT_ORGANIZATION_ID": "your-organization-id",
"GRAPHLIT_ENVIRONMENT_ID": "your-environment-id",
"GRAPHLIT_JWT_SECRET": "your-jwt-secret",
}
}
}
}
To install graphlit-mcp-server in Cursor IDE application, Cursor should use NPX:
npx -y graphlit-mcp-server
Your mcp.json file should be configured similar to:
{
"mcpServers": {
"graphlit-mcp-server": {
"command": "npx",
"args": [
"-y",
"graphlit-mcp-server"
],
"env": {
"GRAPHLIT_ORGANIZATION_ID": "your-organization-id",
"GRAPHLIT_ENVIRONMENT_ID": "your-environment-id",
"GRAPHLIT_JWT_SECRET": "your-jwt-secret",
}
}
}
}
To install graphlit-mcp-server for Claude Desktop automatically via Smithery:
npx -y @smithery/cli install @graphlit/graphlit-mcp-server --client claude
To use the Graphlit MCP Server in any MCP client application, use:
{
"mcpServers": {
"graphlit-mcp-server": {
"command": "npx",
"args": [
"-y",
"graphlit-mcp-server"
],
"env": {
"GRAPHLIT_ORGANIZATION_ID": "your-organization-id",
"GRAPHLIT_ENVIRONMENT_ID": "your-environment-id",
"GRAPHLIT_JWT_SECRET": "your-jwt-secret",
}
}
}
}
Optionally, you can configure the credentials for data connectors, such as Slack, Google Email and Notion. Only GRAPHLIT_ORGANIZATION_ID, GRAPHLIT_ENVIRONMENT_ID and GRAPHLIT_JWT_SECRET are required.
{
"mcpServers": {
"graphlit-mcp-server": {
"command": "npx",
"args": [
"-y",
"graphlit-mcp-server"
],
"env": {
"GRAPHLIT_ORGANIZATION_ID": "your-organization-id",
"GRAPHLIT_ENVIRONMENT_ID": "your-environment-id",
"GRAPHLIT_JWT_SECRET": "your-jwt-secret",
"SLACK_BOT_TOKEN": "your-slack-bot-token",
"DISCORD_BOT_TOKEN": "your-discord-bot-token",
"TWITTER_TOKEN": "your-twitter-token",
"GOOGLE_EMAIL_REFRESH_TOKEN": "your-google-refresh-token",
"GOOGLE_EMAIL_CLIENT_ID": "your-google-client-id",
"GOOGLE_EMAIL_CLIENT_SECRET": "your-google-client-secret",
"LINEAR_API_KEY": "your-linear-api-key",
"GITHUB_PERSONAL_ACCESS_TOKEN": "your-github-pat",
"JIRA_EMAIL": "your-jira-email",
"JIRA_TOKEN": "your-jira-token",
"NOTION_API_KEY": "your-notion-api-key"
}
}
}
}
NOTE: when running 'npx' on Windows, you may need to explicitly call npx via the command prompt.
"command": "C:\\Windows\\System32\\cmd.exe /c npx"
Please refer to the Graphlit API Documentation.
For support with the Graphlit MCP Server, please submit a GitHub Issue.
For further support with the Graphlit Platform, please join our Discord community.
FAQs
Graphlit MCP Server
The npm package graphlit-mcp-server receives a total of 1,038 weekly downloads. As such, graphlit-mcp-server popularity was classified as popular.
We found that graphlit-mcp-server demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
A deceptive PyPI package posing as an Instagram growth tool collects user credentials and sends them to third-party bot services.
Product
Socket now supports pylock.toml, enabling secure, reproducible Python builds with advanced scanning and full alignment with PEP 751's new standard.
Security News
Research
Socket uncovered two npm packages that register hidden HTTP endpoints to delete all files on command.