sikkerkey-mcp
v1.0.6
SikkerKey MCP server — manage your vault from Claude Code, Codex, Cursor, and other MCP-compatible AI clients
SikkerKey MCP
The official Model Context Protocol server for SikkerKey — manage your vault from Claude Code, Codex, Cursor, and other MCP-compatible AI clients without ever giving the AI access to plaintext secret values.
The server runs locally as a child process of your AI client, authenticates to SikkerKey on every call with an Ed25519 signed request, and exposes 16 management tools (projects, secrets, policies, canaries, machines, AI agents, audit, alerts, webhooks, support, and more). The agent's private key never leaves the machine, and no tool returns the plaintext content of a stored secret.
Installation
```
npm install -g sikkerkey-mcp
```
Or run without installing:
```
npx sikkerkey-mcp <subcommand>
```
Quick Start
1. Provision an AI agent
In the SikkerKey dashboard, go to Machines → AI Agents and click Bootstrap AI agent. Pick the scopes the agent should hold and an optional project allowlist. The dashboard issues a one-time bootstrap token. Copy it.
2. Register on your machine
```
sikkerkey-mcp install <token>
```
The binary generates an Ed25519 keypair locally, sends only the public key to SikkerKey, and stores the keypair at ~/.sikkerkey/agents/<agentId>/. The private key never leaves your machine. The agent enters the pending state — approve it from the dashboard to activate.
3. Wire it up to your AI client
The config subcommand prints a ready-to-paste config block for the supported clients:
```
sikkerkey-mcp config claude-code
sikkerkey-mcp config claude-desktop
sikkerkey-mcp config cursor
sikkerkey-mcp config codex
```
Paste the printed block into the client's MCP config file (path is included in the output) and restart the client. The SikkerKey tools appear immediately.
4. Verify
Restart your AI client and ask it to call whoami. The first signed call exercises the full path: AI client invokes the binary, MCP signs the request, server validates the signature and the agent's scope set, returns metadata.
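The signed-call path from steps 2 to 4 (local keypair, public key registered, pending then approved, signature and scope checked on every call), as an added sketch in Node.js that is not SikkerKey's code or wire format. The canonical string, the timestamp window, the scope names, the request path and the registry shape are all assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Assumed canonical form: method, path, timestamp and body hash, newline-joined.
function canonical(method, path, ts, body) {
  const bodyHash = crypto.createHash('sha256').update(body).digest('hex');
  return Buffer.from([method, path, String(ts), bodyHash].join('\n'));
}

// Client side (local process): sign with the private key that stays on disk.
function signRequest(privateKey, agentId, method, path, body, ts) {
  const sig = crypto.sign(null, canonical(method, path, ts, body), privateKey);
  return { agentId, method, path, body, ts, sig: sig.toString('base64') };
}

// Server side: it holds only the registered public key, state and scopes.
function verifyRequest(registry, req, requiredScope, now, maxSkewSec = 60) {
  const agent = registry.get(req.agentId);
  if (!agent) return 'unknown-agent';
  if (agent.state !== 'active') return 'not-approved';      // still pending
  if (Math.abs(now - req.ts) > maxSkewSec) return 'stale';  // limits replay
  const ok = crypto.verify(null, canonical(req.method, req.path, req.ts, req.body),
    agent.publicKey, Buffer.from(req.sig, 'base64'));
  if (!ok) return 'bad-signature';
  if (!agent.scopes.includes(requiredScope)) return 'missing-scope';
  return 'ok';
}

// Constructed demo: register the public key only, then exercise each check.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const registry = new Map([
    ['agent-1', { publicKey, state: 'pending', scopes: ['secrets:write'] }], // hypothetical scope
  ]);
  const now = 1700000000; // constructed Unix time
  const req = signRequest(privateKey, 'agent-1', 'POST', '/v1/example', '{"name":"db"}', now);
  const out = {};
  out.pending = verifyRequest(registry, req, 'secrets:write', now);
  registry.get('agent-1').state = 'active';                  // dashboard approval
  out.valid = verifyRequest(registry, req, 'secrets:write', now);
  out.tampered = verifyRequest(registry, { ...req, body: '{"name":"prod"}' }, 'secrets:write', now);
  out.replayed = verifyRequest(registry, req, 'secrets:write', now + 3600);
  out.outOfScope = verifyRequest(registry, req, 'policies:write', now);
  return out;
}

console.log(demo());
```

Because the signature covers the body hash and the timestamp, a modified or replayed request fails verification even though the server never sees the private key.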
Subcommands
| Command | Description |
|---------|-------------|
| install <token> [-name=<name>] | Bootstrap an AI agent identity from a dashboard-issued token |
| whoami | List locally registered agents |
| revoke [agentId] | Remove a local agent slot (does not unregister on the server) |
| config <client> | Print the MCP config block for the named AI client |
| serve | Run as MCP server over stdio (the path AI clients invoke) |
Run with no subcommand to start the MCP server (same as serve).
Plaintext Contract
The MCP surface is read-blind on stored secret values. No tool returns the plaintext of an existing secret. Write actions (create, update_value, rotate, dynamic_create) accept plaintext as input, encrypt it server-side with envelope encryption, and never round-trip the value back. The single exception is manage_temporary_secrets.create, which returns a one-shot share-link credential intended for a human recipient.
AI agents are a separate identity class from machines — the MCP server's signed requests cannot authenticate as a machine, and the runtime SDK / CLI surface that machines use is not reachable through any tool. See Security Model for the full contract.
Supported AI Clients
| Client | Config target |
|--------|--------------|
| Claude Code | ~/.claude.json (user-scoped) or .mcp.json (project-scoped) |
| Claude Desktop | claude_desktop_config.json (OS-specific path) |
| Cursor | ~/.cursor/mcp.json (user) or .cursor/mcp.json (project) |
| Codex | ~/.codex/config.toml |
Any other MCP-over-stdio client also works — point it at sikkerkey-mcp serve and set SIKKERKEY_AGENT_ID in the environment.
Supported Platforms
| OS | Architecture |
|----|-------------|
| Linux | x64, arm64 |
| macOS | x64, arm64 (Apple Silicon) |
| Windows | x64 |
Environment Variables
| Variable | Purpose |
|----------|---------|
| SIKKERKEY_AGENT_ID | Selects which local agent identity the server runs as. Required when more than one agent is registered on this host. |
| SIKKERKEY_API_URL | Override the API base URL. Defaults to https://api.sikkerkey.com. |
| SIKKERKEY_HOME | Override the identity root. Defaults to ~/.sikkerkey. |
Documentation
Full documentation: docs.sikkerkey.com
