Get the FREE Ultimate OpenClaw Setup Guide →

trusted

First Trusted MCP server running on AWS Nitro Enclave Trusted Execution Environment

Installation
Run this command in your terminal to add the MCP server to Claude Code.
Run in terminal:
View docs
Command
claude mcp add --transport stdio 0xfreysa-trusted-mcp-server docker run -i trusted-mcp-server:latest

How to use

This MCP server exposes a Gmail-based MCP service over SSE (server-sent events). It is designed to run inside an AWS Nitro Enclave for added hardware-backed isolation. To use it, you’ll connect your MCP client to the server endpoint and subscribe to the gmail_mcp stream using your Gmail address and an app-specific password. The client configuration should point to the SSE URL provided by the server, as shown in the README snippet. Because this is a Gmail integration, you must provide an app-specific password rather than a regular Google password; include the email address and password in the client’s mcp.json as described. Note that the URL approach is currently used for transport, and care should be taken with URL logging as discussed in the Security Notice.

How to install

Prerequisites:

  • Docker installed and running on the host
  • Access to the repository containing the MCP server code
  • Optional: GVProxy and Nitro enclave tooling if you plan to run in an AWS Nitro Enclave

Installation steps:

  1. Clone the repository: git clone <repository-url> cd <repository-folder>

  2. Build the Docker image for the MCP server (if a prebuilt image is not available): docker build -t trusted-mcp-server:latest .

  3. Run the server in a container (example): docker run -i -p 7047:7047 trusted-mcp-server:latest

  4. Verify the server is reachable (healthcheck or curl to the SSE endpoint as described in the README): curl http://localhost:7047/

  5. If you are deploying to a Nitro enclave, follow the enclave setup script and environment configuration as documented in the repository (setup.sh, make, and related steps) to ensure the server runs inside the TEE.

Additional notes

Tips and considerations:

  • Security: Do not expose the Gmail app-specific password in logs or URLs; the README emphasizes the security risks of placing credentials in URLs.
  • Health checks: Use the provided healthcheck endpoint (curl http://127.0.0.1:7047/) to confirm the MCP server is running.
  • If you run in a Nitro enclave, ensure port exposure and security groups are correctly configured to allow necessary traffic while maintaining isolation.
  • If you need to verify code attestations, follow the verification steps in the README (build verifier, run locally, and verify attestation).
  • The configuration currently uses SSE transport; ensure your MCP client supports SSE and points to the correct URL and credentials in mcp.json.

Related MCP Servers

context7

47.3k

Context7 MCP Server -- Up-to-date code documentation for LLMs and AI code editors

obsidian -tools

612

Add Obsidian integrations like semantic search and custom Templater prompts to Claude or any MCP client.

MiniMax -JS

105

Official MiniMax Model Context Protocol (MCP) JavaScript implementation that provides seamless integration with MiniMax's powerful AI capabilities including image generation, video generation, text-to-speech, and voice cloning APIs.

mcp-bundler

14

Is the MCP configuration too complicated? You can easily share your own simplified setup!

akyn-sdk

12

Turn any data source into an MCP server in 5 minutes. Build AI-agents-ready knowledge bases.

promptboard

8

The Shared Whiteboard for Your AI Agents via MCP. Paste screenshots, mark them up, and share with AI.

Sponsor this space

Reach thousands of developers