tl-openmeter-api-mcp-server
Facilitates interaction with a local OpenMeter instance, enabling AI assistants to manage meters, customers, and subscriptions effectively.
Install this skill
Security score
The tl-openmeter-api-mcp-server skill was audited on Jun 15, 2026 and we found 13 security issues across 4 threat categories, including 1 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 174 | `OpenMeter customer not found: ${customerId}. ` + |
Template literal with variable interpolation in command context
| 211 | `${baseUrl}/api/v1/customers?page=${page}&pageSize=${pageSize}` |
Template literal with variable interpolation in command context
| 248 | const response = await fetch(`${baseUrl}/api/v1/events`, { |
Template literal with variable interpolation in command context
| 254 | return { content: [{ type: 'text', text: `Ingested ${events.length} events` }] }; |
Webhook reference - potential data exfiltration
| 32 | | **tl-openmeter-local-dev** | Local dev setup: Docker, ngrok, Stripe App, webhooks | |
Ngrok tunnel reference
| 32 | | **tl-openmeter-local-dev** | Local dev setup: Docker, ngrok, Stripe App, webhooks | |
Access to hidden dotfiles in home directory
| 62 | Add to `~/.cursor/mcp.json`: |
External URL reference
| 47 | - A running OpenMeter instance (e.g. [Docker](https://openmeter.io/docs/installation/docker), default `http://localhost:8888`) |
External URL reference
| 71 | "OPENMETER_URL": "http://localhost:8888", |
External URL reference
| 89 | | `OPENMETER_URL` | `http://localhost:8888` | Base URL of OpenMeter API | |
External URL reference
| 343 | - [anthropics/skills/mcp-builder](https://skills.sh/anthropics/skills/mcp-builder) — MCP server development guide |
External URL reference
| 347 | - [MCP Specification](https://modelcontextprotocol.io/) — Protocol specification |
External URL reference
| 349 | - [OpenMeter API](https://openmeter.io/docs/api) — API endpoints |