Sefaria API MCP
Pass
Audited by ClawScan on May 1, 2026.
Overview
This appears to be a benign Sefaria MCP helper, but using it requires user-directed GitHub/npm setup and starts a local Node-based MCP server.
Before installing, confirm you trust the referenced GitHub project and its npm dependencies, then use the connect tool only when you intend to start the local Sefaria MCP server.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the MCP server may run third-party Node dependencies from the referenced repository.
The documented setup depends on cloning and building an external GitHub/npm project that is not included in the packaged artifacts or pinned by the registry install metadata.
git clone https://github.com/davad00/sefaria-api-mcp.git
cd sefaria-api-mcp
...
npm install
...
npm run build
Review the referenced repository, package files, and dependency lockfile before running npm install/build, and prefer pinning to a known commit or release.
Using connect will run local server code and may leave a local MCP process listening on the selected port.
The connect tool starts a local Node process for the MCP server. This is disclosed and purpose-aligned, but it is still local code execution and depends on a built dist/index.js file.
return command('node', ['dist/index.js'], {
  env: {
    PORT: port
  }
})
Only run connect after installing the intended MCP server, verify the built file comes from the expected source, and stop the server when finished.
