Model Context Protocol moderate risk

Circleci

The CircleCI MCP server enables interaction with CircleCI pipelines and resources using natural language via the Model Context Protocol.

Connections & Capabilities

Connects To

GitHubDockerAWS

Capabilities

readwriteexec

Quickstart

Install

npx -y @smithery/cli install @CircleCI-Public/mcp-server-circleci --client claude

Config

{
  "mcpServers": {
    "circleci-mcp-server": {
      "command": "npx",
      "args": ["-y", "@circleci/mcp-server-circleci@latest"],
      "env": {
        "CIRCLECI_TOKEN": "your-circleci-token",
        "CIRCLECI_BASE_URL": "https://circleci.com", // Optional - required for on-prem customers only
        "MAX_MCP_OUTPUT_LENGTH": "50000" // Optional - maximum output length for MCP responses (default: 50000)
      }
    }
  }
}

Exposed MCP Tools (5)

safe

get_pipeline_logs

Retrieves logs from a specified CircleCI pipeline.

Read-only operation; retrieves existing logs.

moderate

trigger_pipeline

Triggers a new CircleCI pipeline run.

Initiates a new pipeline execution, potentially consuming resources.

moderate

cancel_pipeline

Cancels a running CircleCI pipeline.

Stops a running pipeline, potentially interrupting workflows.

moderate

approve_workflow

Approves a pending CircleCI workflow.

Approves a workflow, potentially triggering further actions.

safe

list_pipelines

Lists available CircleCI pipelines.

Read-only operation; lists existing pipelines.

Safety Assessment

The CircleCI MCP server's safety depends on the security of the CircleCI API token. While it offers some configuration options to limit exposure, the potential for write operations means careful token management is crucial. Using a token with limited scope and monitoring its usage are recommended.

Requires a CircleCI API token for authentication.
Supports setting a maximum output length to limit response sizes.
Can be configured to use a self-managed remote server, reducing local exposure.
Primarily interacts with CircleCI's API, limiting direct system access.

API token compromise could lead to unauthorized CircleCI actions.
Improperly configured remote servers could expose the MCP server to external threats.
Lack of explicit RBAC within the MCP server means the token's permissions are fully utilized.
Write operations on CircleCI resources are possible, increasing risk.