// describe tools in plain english. get a running mcp server.
ToolStorePy takes a queries.json of natural-language tool requests, semantically retrieves matched repositories from a curated index, runs AST and optional LLM security scanning, merges secret templates, and synthesizes one runnable mcp_unified_server.py — on any host and port, with full build-time auditability.
pip install toolstorepy
# 1. describe what you need
$ cat queries.json
[
{ "tool_description":
"evaluate arithmetic expressions" },
{ "tool_description":
"convert units of measurement" }
]
# 2. build (LLM scan, custom port)
$ toolstorepy build \
--queries queries.json \
--index core-tools \
--llm-scan \
--port 9090
[✓] retrieved: calculator (0.94)
[✓] retrieved: unit-converter (0.91)
[✓] AST scan complete
[✓] LLM scan: INCLUDE (confidence=HIGH)
[✓] build complete → port 9090
# 3. run
$ python mcp_unified_server.pyArchitecture
Capabilities
Build
Resolves an index, runs semantic retrieval + reranking, clones winning repos, and synthesizes a single mcp_unified_server.py. Configure host and port at build time.
Index
Author catalogs from a JSON manifest, embed them locally into ChromaDB, and distribute via URL. Custom discovery, no hardcoding.
Security
Static AST scanning flags shell exec, deserialization, and env leaks. Opt-in LLM scan reviews full source autonomously — no human prompt needed.
Security Scanner
Every cloned repository passes through a static AST scanner before contributing to the final MCP server. Pass --llm-scan to add a full-source LLM review that makes autonomous include/skip decisions — no human prompt, any model provider via LangChain.
HIGHShell exec, dynamic eval, unsafe deserialization — requires approval or LLM skipMEDIUMCapability imports, env access, dynamic reflectionLOWCrypto primitives, deprecated modules, potential secret loggingToolStorePy is open source. Describe what you need, retrieve the best match, audit the supply chain, ship the server.