Nella

Review

Audited by ClawScan on May 13, 2026.

Overview

Nella appears purpose-built for codebase search, but it deserves review because it can index private repositories, persist agent context, and use hosted/API credentials that are not fully declared in the registry metadata.

Install only if you are comfortable with a codebase-indexing MCP that may store session context and, in hosted or semantic modes, use external services. Prefer local mode for private repositories, pin the npm package version, review any API keys or service-role credentials before use, and periodically inspect or clear persistent Nella context.

Publisher note

@getnella/mcp is the published CLI and stdio MCP server for Nella, a codebase intelligence layer for AI coding agents. Network access is required by design, not as a side effect.

Outbound calls in this version:

Hosted MCP at https://mcp.getnella.dev/mcp for authenticated codebase search, indexing, and session context (only when the user configures hosted mode or runs nella auth).

Azure embedding endpoint for semantic and hybrid search. Activates when nella index runs against a workspace that opts into semantic mode, or when the agent calls nella_search with semantic or hybrid.

Supabase (and optionally Redis) when the user runs nella serve to host their own HTTP MCP. Credentials come from local env vars (SUPABASE_URL, SUPABASE_SERVICE_ROLE_KEY, REDIS_URL), never bundled.

npx -y @getnella/mcp resolves dependencies from the public npm registry on first run.

No data is sent on local stdio mode beyond what the user's MCP client explicitly invokes through the seven exposed tools (nella_index, nella_search, nella_get_context, nella_add_assumption, nella_check_assumptions, nella_check_dependencies, nella_heartbeat). Source code never leaves the machine unless the user is authenticated against the hosted backend and explicitly indexes the workspace there.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may rely on old or incorrect stored assumptions when answering or making code changes.

Why it was flagged

The skill persists assumptions and prior decisions, then instructs the agent to treat retrieved context as authoritative. If the stored context is stale, wrong, or poisoned, later agent behavior can be steered by it.

Skill content

Treat `nella_get_context` output as authoritative for prior decisions in the session. Do not override silently.

Recommendation

Inspect or reset Nella context for sensitive projects, and treat stored context as advisory unless it is revalidated against the repository and user intent.
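One way to make "advisory unless revalidated" concrete. The script below is an added example, not ClawScan's tooling or Nella's code: it assumes a record layout (an id, the claim text, the file the claim was derived from, and a SHA-256 of that file at recording time), re-hashes the file at query time, and only lets records that still match the repository keep authoritative standing. The page does not document how Nella actually stores context, so the layout and the sample repository are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Optional

# Record layout (id, claim, file, content_sha256) is an assumption made for
# this example; the page does not document how Nella persists context.


def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def record_assumption(aid: str, claim: str, file: Optional[str], workspace: Path) -> dict:
    """Store an assumption with a hash of the file it was derived from.
    Claims with no backing file get no hash and can never be auto-validated."""
    digest = None
    if file is not None:
        p = workspace / file
        if p.is_file():
            digest = sha256_file(p)
    return {"id": aid, "claim": claim, "file": file, "content_sha256": digest}


def revalidate(records: list, workspace: Path) -> dict:
    """Classify each stored assumption against the repository as it is now:
    valid (file unchanged), stale (file changed), missing (file gone),
    unverifiable (no file hash was ever recorded)."""
    status = {}
    for r in records:
        if r["content_sha256"] is None:
            status[r["id"]] = "unverifiable"
            continue
        p = workspace / r["file"]
        if not p.is_file():
            status[r["id"]] = "missing"
        elif sha256_file(p) != r["content_sha256"]:
            status[r["id"]] = "stale"
        else:
            status[r["id"]] = "valid"
    return status


def authoritative(records: list, workspace: Path) -> list:
    """Only assumptions that still match the repository stay authoritative;
    everything else should be surfaced to the agent as advisory."""
    status = revalidate(records, workspace)
    return [r for r in records if status[r["id"]] == "valid"]


def demo() -> dict:
    """Constructed scenario: record four assumptions, then let the repo move on."""
    with tempfile.TemporaryDirectory() as tmp:
        ws = Path(tmp)
        (ws / "src").mkdir()
        (ws / "src" / "auth.py").write_text("def check(token):\n    return verify(token, require_exp=True)\n")
        (ws / "src" / "db.py").write_text("POOL_SIZE = 5\n")
        (ws / "src" / "legacy.py").write_text("# old code\n")
        records = [
            record_assumption("a1", "auth rejects expired JWTs", "src/auth.py", ws),
            record_assumption("a2", "db pool size is 5", "src/db.py", ws),
            record_assumption("a3", "legacy module is still shipped", "src/legacy.py", ws),
            record_assumption("a4", "deploys only happen through CI", None, ws),
        ]
        # Edits made after the context was stored: a2 is now wrong, a3 points
        # at a file that no longer exists, a4 never had anything to check.
        (ws / "src" / "db.py").write_text("POOL_SIZE = 50\n")
        (ws / "src" / "legacy.py").unlink()
        assert [r["id"] for r in authoritative(records, ws)] == ["a1"]
        return revalidate(records, ws)


if __name__ == "__main__":
    print(demo())
```

Hashing the source file is the cheapest revalidation signal; it says nothing about whether the claim was ever right, only whether the evidence behind it has changed. For a poisoned store that is still the useful property: a record whose hash was forged for a file that looks different today is reported stale, not trusted.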

What this means

A user may provide powerful service credentials without seeing them reflected in the registry permission contract.

Why it was flagged

The package documents privileged hosted-server credentials, while the registry metadata says there are no required environment variables or primary credentials. This under-declares sensitive authority users may need to provide.

Skill content

Required env vars: SUPABASE_URL ... SUPABASE_SERVICE_ROLE_KEY - Supabase service role key ... REDIS_URL

Recommendation

Declare hosted-mode credentials and scopes explicitly, and avoid using service-role credentials unless the user is intentionally self-hosting and understands the privilege level.

What this means

Repository queries, indexed context, or session state may be processed through a hosted service when hosted mode is configured.

Why it was flagged

Hosted MCP mode is disclosed and authenticated, but it creates a remote MCP boundary for codebase search/indexing workflows: queries, indexed content, and session state cross to a third-party service whose retention and access controls the user does not operate.

Skill content

"url": "https://mcp.getnella.dev/mcp", "headers": { "Authorization": "Bearer nella_your_key_here" }

Recommendation

Use local stdio mode for sensitive/private repositories unless you are comfortable with the hosted service’s data handling and retention practices.

What this means

The package version executed by a client may differ from the reviewed artifact if npm resolution changes.

Why it was flagged

The setup runs an npm package through `npx -y` without pinning a version. This is a common MCP install pattern, but it means runtime code is resolved from npm.

Skill content

"command": "npx", "args": ["-y", "@getnella/mcp", "--workspace", "/absolute/path/to/project"]

Recommendation

Pin the package version in MCP configuration, or verify the npm package and lock it for sensitive environments.
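The three findings above (undeclared service-role credentials, the hosted boundary, and unpinned `npx -y`) are all visible in the client's MCP configuration, so they can be checked before the client ever launches the server. The audit below is an added example, not ClawScan's scanner or anything shipped by Nella. It assumes the common `mcpServers` wrapper used by MCP clients (the page shows only the inner `command`/`args` and `url`/`headers` keys), and the constructed config mirrors the snippets quoted on this page; the version `1.2.3` in the self-hosted entry is a placeholder, not a real @getnella/mcp release. It also shows how to rewrite an unpinned entry into a pinned one.

```python
import copy
import re
from urllib.parse import urlparse

# Exact semver only; ranges such as ^1, ~1.2, latest or 1.x are not pins.
EXACT_SEMVER = re.compile(r"^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$")
# Env var names that usually carry service-level authority.
PRIVILEGED_ENV = re.compile(r"SERVICE_ROLE|SECRET|TOKEN|PASSWORD|PRIVATE_KEY", re.I)

# Constructed client config. The "mcpServers" wrapper is an assumption about
# the client layout; the entries mirror the snippets quoted on this page.
SAMPLE_CONFIG = {
    "mcpServers": {
        "nella-local": {
            "command": "npx",
            "args": ["-y", "@getnella/mcp", "--workspace", "/absolute/path/to/project"],
        },
        "nella-hosted": {
            "url": "https://mcp.getnella.dev/mcp",
            "headers": {"Authorization": "Bearer nella_your_key_here"},
        },
        "nella-selfhost": {
            "command": "npx",
            "args": ["-y", "@getnella/mcp@1.2.3", "--workspace", "/absolute/path/to/project"],
            "env": {
                "SUPABASE_URL": "https://example.invalid",           # placeholder
                "SUPABASE_SERVICE_ROLE_KEY": "service-role-placeholder",
                "REDIS_URL": "redis://localhost:6379",
            },
        },
    }
}


def split_npm_spec(spec: str):
    """'@scope/pkg@1.2.3' -> ('@scope/pkg', '1.2.3'); 'pkg' -> ('pkg', None).
    Scoped names start with '@', so the version separator is the next '@'."""
    at = spec.find("@", 1) if spec.startswith("@") else spec.find("@")
    if at == -1:
        return spec, None
    return spec[:at], spec[at + 1:]


def npx_package(args: list):
    """First non-flag argument is the package spec npx will resolve."""
    for a in args:
        if not a.startswith("-"):
            return a
    return None


def audit_server(name: str, cfg: dict) -> list:
    """Return (server, code, message) findings for one MCP server entry."""
    findings = []
    if cfg.get("command") == "npx":
        spec = npx_package(cfg.get("args", []))
        if spec:
            pkg, ver = split_npm_spec(spec)
            if ver is None or not EXACT_SEMVER.match(ver):
                findings.append((name, "UNPINNED_NPX",
                                 f"{pkg} is resolved from npm at run time (spec {spec!r}); pin an exact version"))
    if "url" in cfg:
        host = urlparse(cfg["url"]).hostname
        findings.append((name, "REMOTE_MCP",
                         f"remote MCP boundary at {host}: queries and indexed content leave the machine"))
    if (cfg.get("headers") or {}).get("Authorization"):
        findings.append((name, "CREDENTIAL_IN_CONFIG",
                         "Authorization header stored in plaintext in the client config"))
    for key in (cfg.get("env") or {}):
        if PRIVILEGED_ENV.search(key):
            findings.append((name, "PRIVILEGED_ENV",
                             f"{key} grants service-level authority; confirm the registry contract declares it"))
    return findings


def audit_config(config: dict) -> list:
    out = []
    for name, cfg in config.get("mcpServers", {}).items():
        out.extend(audit_server(name, cfg))
    return out


def pin_npx(cfg: dict, version: str) -> dict:
    """Corrected form of an npx entry: same package, exact version appended."""
    new = copy.deepcopy(cfg)
    for i, a in enumerate(new.get("args", [])):
        if not a.startswith("-"):
            pkg, _ = split_npm_spec(a)
            new["args"][i] = f"{pkg}@{version}"
            break
    return new


if __name__ == "__main__":
    for server, code, msg in audit_config(SAMPLE_CONFIG):
        print(f"{server}: {code}: {msg}")
```

`REDIS_URL` deliberately does not trip the privileged-env check even though a Redis URL can embed a password; if your self-hosted deployment puts credentials in the URL, extend `PRIVILEGED_ENV` or parse the URL's userinfo. Pinning the version closes only the "which code runs" gap; verifying the tarball integrity against a lockfile is a separate step the script does not perform.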

What this means

Running the MCP server gives the package local command-execution capability in the configured workspace environment.

Why it was flagged

The bundled code can invoke local processes. This appears purpose-aligned for workspace/git-style operations, but it expands the local execution surface.

Skill content

var child_process_1 = require("child_process");

Recommendation

Run it only in trusted repositories and avoid granting it broader filesystem or shell access than needed.
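A `require("child_process")` on its own only says the capability exists; what matters for the execution surface is which methods are called and with what. The scanner below is an added example, written for this page rather than taken from ClawScan or the Nella package: it finds the local alias bound to `child_process`, then classifies each call site by whether the command is a fixed literal, a value computed at run time, or something handed to a shell. The JavaScript it scans is a constructed sample in the style of the quoted line, not Nella's bundle; the regex approach is deliberately simple and stops at the first closing parenthesis, so nested calls in the argument list would need a real JS parser.

```python
import re

# Constructed sample in the style of the quoted bundle line; not Nella's code.
SAMPLE_BUNDLE = """\
"use strict";
var child_process_1 = require("child_process");
function gitStatus(workspace) {
  return child_process_1.execFileSync("git", ["status", "--porcelain"], { cwd: workspace });
}
function runHook(cmd) {
  return child_process_1.execSync(cmd);
}
function openEditor(editor, file) {
  return child_process_1.spawn(editor, [file]);
}
"""

REQUIRE_RE = re.compile(
    r'(?:var|let|const)\s+(\w+)\s*=\s*require\(\s*["\']child_process["\']\s*\)')
METHODS = r"exec|execSync|execFile|execFileSync|spawn|spawnSync|fork"


def find_child_process_calls(js: str) -> list:
    """Return one record per child_process call site with a risk class:
    shell-interpreted: exec/execSync, or any method with shell: true
    dynamic-command:   command comes from a variable, not a string literal
    fixed-command:     literal program name without shell involvement."""
    aliases = REQUIRE_RE.findall(js)
    if not aliases:
        return []
    alias_pat = "|".join(re.escape(a) for a in aliases)
    # Limitation: [^)]* stops at the first ')' so nested calls are not handled.
    call_re = re.compile(r"\b(%s)\.(%s)\s*\(([^)]*)\)" % (alias_pat, METHODS))
    records = []
    for lineno, line in enumerate(js.splitlines(), 1):
        for m in call_re.finditer(line):
            _alias, method, argtext = m.groups()
            first = argtext.split(",", 1)[0].strip()
            literal = first[:1] in ("'", '"', "`")
            shell = re.search(r"shell\s*:\s*true", argtext) is not None
            if method in ("exec", "execSync") or shell:
                risk = "shell-interpreted"
            elif not literal:
                risk = "dynamic-command"
            else:
                risk = "fixed-command"
            records.append({"line": lineno, "method": method, "risk": risk})
    return records


def risk_by_line(js: str) -> dict:
    return {r["line"]: r["risk"] for r in find_child_process_calls(js)}


if __name__ == "__main__":
    for r in find_child_process_calls(SAMPLE_BUNDLE):
        print(r)
```

Run it over the package's `dist/` files before approving the server in a client; a result containing only `fixed-command` records for `git` is consistent with the "purpose-aligned" reading above, while `shell-interpreted` or `dynamic-command` sites deserve a look at where the command string originates.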