Gives AI coding agents repository intelligence, dependency analysis, and impact insights.
The materials indicate this MCP tool primarily performs local repository indexing and querying, with no declared secrets or remote endpoints. No clear high-risk red flags are evident, but it should still be treated cautiously as a local developer tool with code-execution capability and access to repository contents. Its open-source Apache 2.0 codebase lowers overall risk, while low adoption, unknown maintenance, and sparse documentation warrant supply-chain caution.
The materials explicitly state that no keys or environment variables are required, and there is no indication of API keys, OAuth tokens, or cloud credentials. Based on the available information, the credential exposure surface appears small.
The declared remote endpoint host is 'none', and the description only mentions indexing and querying repositories. There is no evidence in the materials that user data is sent to external services, so network egress risk appears low from the stated facts.
The objective checks explicitly mark this tool as executes-code, indicating it can run code locally or start related processing workflows. This is a normal high-privilege capability for MCP/developer tools and not a high-risk red flag by itself, but it should be run in a controlled environment.
Its stated function is 'indexing repositories into a hybrid knowledge graph', which implies access to repository source code and structure, and possibly creation of local index data. This is consistent with the declared purpose, and there is no evidence of access beyond what repository analysis would normally require.
Positive signals include an auditable open-source codebase under Apache 2.0. However, the source is a third-party registry, the GitHub repository has 0 stars, maintenance status is unknown, and no README is provided, which reduces verifiability and maturity; supply-chain trust should therefore be assessed cautiously.
Copy the install command and let the AI configure it · recommended for beginners
No copy-paste install info for "OpenCodeHub MCP Server" yet — see the docs or source repo.
Using the current repository index, analyze the upstream and downstream dependencies of paymentService.processRefund. List the modules it calls, the modules that reference it, and highlight the key data flow.
A dependency map, call-chain explanation, and summary of key module relationships for the function.
If I modify the token validation logic in UserAuthMiddleware, use the repository knowledge graph to assess which APIs, services, and test files may be affected, and rank them by risk.
A list of impacted areas, explanations of why they are affected, and prioritized validation recommendations.
I want to add a report export feature to the repository. Find existing implementations related to CSV export, permission control, and async jobs, then summarize reusable components and important considerations.
Relevant code locations, contextual explanations, a list of reusable modules, and implementation recommendations.
Index codebases into Neo4j for analysis, dependency mapping, and impact assessment.
Search and navigate multiple code repositories with natural language understanding.
Get structured, read-only insights into local code repositories and project setup.
Index repositories into a persistent graph for fast code search and understanding.
Help AI agents navigate, search, and understand codebases and change history.
Build and query a codebase knowledge graph with relationships and rationale.