
This Model Context Protocol (MCP) server enables AI to interact with the Norman Finance API, allowing access to accounting, invoices, companies, clients, taxes, and more through a standardized protocol.
[!NOTE]
The Norman Finance MCP Server is currently in Beta. We welcome your feedback and encourage you to report any bugs by opening an issue here.
Filing VAT tax report
Getting transaction insights
Syncing Stripe payments with Norman
Creating transactions using Gmail receipts
Managing overdue invoices - 1
Managing overdue invoices - 2
Before using this MCP server, you need to:
Norman now offers a hosted remote MCP server at:
The remote MCP is recommended because it utilizes OAuth authentication, enabling you to log in directly with your Norman account without the need to create or manage access tokens manually.
To run the Norman Finance MCP server with Claude Desktop, follow these steps:
Download Claude Desktop.
Launch Claude and navigate to: Settings > Developer > Edit Config.
Update your claude_desktop_config.json file with the following configuration:
```json
{
  "mcpServers": {
    "norman-mcp-server": {
      "command": "npx",
      "args": ["mcp-remote", "https://mcp.norman.finance/sse"]
    }
  }
}
```
Follow the instructions here: Installing uv
```json
{
  "mcpServers": {
    "norman-mcp-server": {
      "command": "<home_path>/.local/bin/uvx",
      "args": [
        "--from",
        "norman-mcp-server@latest",
        "norman-mcp"
      ],
      "env": {
        "NORMAN_EMAIL": "your-email@example.com",
        "NORMAN_PASSWORD": "your-password",
        "NORMAN_ENVIRONMENT": "production"
      }
    }
  }
}
```
The Norman MCP server supports two authentication methods:
When using the server with MCP Inspector, Claude, or other SSE clients, the server uses OAuth 2.0 authentication:
Start the server with SSE transport:
```bash
python -m norman_mcp --transport sse
```
When connecting to the server, you'll be directed to a login page
Enter your Norman Finance credentials
You'll be redirected back to your application with authentication tokens
When using the server with Claude Desktop or stdin/stdout communication, provide credentials through environment variables:
```bash
# .env
NORMAN_EMAIL=your-email@example.com
NORMAN_PASSWORD=your-password
NORMAN_ENVIRONMENT=production  # or "sandbox" for the development environment
NORMAN_API_TIMEOUT=200  # Request timeout in seconds
```
The server can be configured using these environment variables:
```bash
# Authentication (for stdio transport)
NORMAN_EMAIL=your-email@example.com
NORMAN_PASSWORD=your-password
NORMAN_ENVIRONMENT=production  # or "sandbox" for the development environment

# Server configuration
NORMAN_MCP_HOST=0.0.0.0  # Host to bind to
NORMAN_MCP_PORT=3001  # Port to bind to
NORMAN_MCP_PUBLIC_URL=http://example.com  # Public URL for OAuth callbacks (important for remote access)
NORMAN_API_TIMEOUT=200  # Request timeout in seconds
```
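An added example (not part of the Norman project's code): a small Python audit of a claude_desktop_config.json-style file that flags the settings shown above that deserve review before deployment. The sample config, the server names `norman-remote` and `norman-local`, and the finding labels are constructed for illustration.

```python
import json

# Constructed sample that merges the config shapes shown on this page.
SAMPLE_CONFIG = json.loads("""
{"mcpServers": {
  "norman-remote": {
    "command": "npx",
    "args": ["mcp-remote", "https://mcp.norman.finance/sse"]
  },
  "norman-local": {
    "command": "/home/user/.local/bin/uvx",
    "args": ["--from", "norman-mcp-server@latest", "norman-mcp"],
    "env": {
      "NORMAN_EMAIL": "your-email@example.com",
      "NORMAN_PASSWORD": "your-password",
      "NORMAN_MCP_HOST": "0.0.0.0",
      "NORMAN_MCP_PUBLIC_URL": "http://example.com"
    }
  }
}}
""")

def audit_mcp_config(config):
    """Return a list of (server_name, finding) pairs for risky settings."""
    findings = []
    for name, server in config.get("mcpServers", {}).items():
        env = server.get("env", {})
        args = [str(a) for a in server.get("args", [])]
        # A password stored in the client config is readable by anything
        # that can read the file; the OAuth remote setup stores none.
        if env.get("NORMAN_PASSWORD"):
            findings.append((name, "plaintext-password"))
        # "@latest" resolves to whatever release is newest at launch, so a
        # new upstream version runs with these credentials unreviewed.
        if any(a.endswith("@latest") for a in args):
            findings.append((name, "unpinned-package"))
        # 0.0.0.0 listens on every network interface, not only loopback.
        if env.get("NORMAN_MCP_HOST") == "0.0.0.0":
            findings.append((name, "binds-all-interfaces"))
        # OAuth callbacks or SSE traffic over http:// travel unencrypted.
        urls = args + [env.get("NORMAN_MCP_PUBLIC_URL", "")]
        if any(u.startswith("http://") for u in urls):
            findings.append((name, "cleartext-url"))
    return findings

if __name__ == "__main__":
    for server_name, finding in audit_mcp_config(SAMPLE_CONFIG):
        print(f"{server_name}: {finding}")
```

Run against the constructed sample, only the stdio entry is flagged; the hosted OAuth entry over HTTPS produces no findings.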
This section is for contributors who want to develop or extend the Norman Finance MCP server.
```bash
git clone https://github.com/norman-finance/norman-mcp-server.git
cd norman-mcp-server
pip install -e .
```
Then update your claude_desktop_config.json file to point to the Python module directly:
```json
{
  "mcpServers": {
    "norman-mcp-server": {
      "command": "<path_to_your_python>/python",
      "args": ["-m", "norman_mcp"],
      "env": {
        "NORMAN_EMAIL": "your-email@example.com",
        "NORMAN_PASSWORD": "your-password",
        "NORMAN_ENVIRONMENT": "production"
      }
    }
  }
}
```
Do you have a feature idea or something you'd like to see? Share your suggestion
Make business effortless
FAQs
A Model Context Protocol (MCP) server for Norman Finance API
We found that norman-mcp-server demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.