Access Sherweb Partner APIs with local SQLite for offline analytics and automation.
This MCP tool comes from an official registry entry and is open source, with no clear high-risk red flags in the provided materials. However, it requires multiple Sherweb credentials, can execute code, and declares a local SQLite store plus Sherweb Partner API capabilities, so it should be deployed with least privilege and proper secret isolation.
It requires SHERWEB_CLIENT_ID, SHERWEB_CLIENT_SECRET, SHERWEB_OAUTH_SCOPE, and SHERWEB_SUBSCRIPTION_KEY. In particular, the client secret and subscription key are sensitive and could be abused to call Sherweb-related APIs if exposed; the materials do not describe secret storage, rotation, or scope minimization.
No specific remote hosts are listed, but the description says it supports 'Every Sherweb Partner API capability,' so it is reasonable to infer network calls to Sherweb-related APIs. There is no clear evidence of exfiltration to unrelated or unknown third-party endpoints, but the endpoint inventory and data sent are not transparent.
The system indicates that this tool executes code/spawns processes. For an MCP tool, this is a normal capability; the provided materials do not show requests for unusual system privileges or execution behavior clearly disproportionate to its stated purpose, but it should still run in a constrained environment.
The description explicitly mentions a 'local SQLite store' and 'offline analytics,' indicating local data persistence and analysis. Known data access at minimum includes a local SQLite database; the materials do not specify schema, retention period, whether user/business data is stored, or cleanup behavior, so the scope of local data at rest should be reviewed.
It comes from an official registry source and has an auditable open-source repository with updates within the past year, which are meaningful risk-reducing signals. Although the README is absent, the license is unspecified, and community adoption is low, there are currently no high-risk red flags such as closed-source exfiltration, malicious injection, or clear abandonment.
Copy the install command and let the AI configure it · recommended for beginners
No copy-paste install info for "Sherweb MCP" yet — see the docs or source repo.
Sync the last 90 days of orders, customers, and subscription data from the Sherweb Partner API into local SQLite, then generate a monthly analysis of revenue, renewal rate, and customer growth.
An analysis based on local data with key metric summaries and trend insights.
Find all customer subscriptions expiring within 30 days, organize them into a table, and flag high-value customers and accounts needing priority follow-up.
An actionable renewal follow-up list with customers, expiration dates, and priority flags.
Using the local SQLite data, create an operations report covering active customers, product distribution, order changes, and unusual fluctuations, then provide brief conclusions.
A structured operations report with statistics, anomaly alerts, and brief conclusions.
Triage RocketCyber alerts, track MTTR, and analyze security posture.
Sync ConnectWise Automate data to SQLite for offline cross-client RMM analysis.
Access email threats, investigate cases, and generate reports in terminal or AI agents.
Let your AI agent manage PagerDuty alerts, incidents, and on-call workflows.
Sync Veeam console tenants to local SQLite for offline backup insights.
Triage backups, detect stale snapshots, and analyze backup health across engines.
Access Sherweb billing, subscriptions, customers, and product catalog data.
Manage Sherweb subscriptions and orders with OpenID Connect authentication.
Query local sales data and investigate anomalies with an inline review dashboard.
Browse catalogs, search products, and look up orders in Webless storefronts.
Helps developers explore and implement Partner Center REST APIs with guidance.
Connect to Shopee LatAm Partner API for orders, products, shipping, and returns.