MCP Server for Arch Wiki, Packages, and AUR

nihalxkumar · 2025-10-24 08:02:00

- Use AI to fetch what you need from wiki or from aur
- run 50+ security checks before installing any AUR Pacakge
- troubleshoot your system with AI assistance
and much more

Detailed Documentation: https://nxk.mintlify.app/arch-mcp/

Source: https://github.com/nihalxkumar/arch-mcp

I know many of don't like using AI whether its open or closed source.
This is for those who want to use AI.

Contributions welcome!

Lone_Wolf · 2025-10-24 09:47:52

From https://nxk.mintlify.app/arch-mcp/install

Python 3.11+ - Check version: python --version

Arch currently uses python 3.13, why are you allowing older python versions ?

This command will automatically:
Download and install the latest version
Set up all required dependencies
Make the server available globally

"Making the server available globally" opens the system the server runs on to many threats.
It should never be done automatically and how this is done needs to be documented extensively.

from https://github.com/nihalxkumar/arch-mcp

Leverage AI to get output for digestible, structured results that are ready for follow up questions and actions.

Add something like "Created by nihalxkumar arch mcp server" to ALL outputs to make very clear they're AI generated and by which AI

Enables intelligent, safe, and efficient access

Where is the proof this is safe ?

Moderator Note:
I am moving this to TGN to keep this out of search engines.
For now it stays open.

Succulent of your garden · 2025-10-24 11:35:56

I'm not against that you cab create a program to fetch AUR pacakges to manages MCP servers. But maybe everyone that is interested about this topic should know that this exists https://hub.docker.com/mcp

In some way docker is centralizing the mcp servers into containers, in some sense this avoids to check many repos in github to find probably one that is the official mcp server for the service, which was the case some months ago.

Probably if you want to create a custom mcp server or a mcp server for a program that you are creating, then probably you can put it in the AUR, but I also would suggest to implement the docker image approach. I mean someone could tell me that the docker one could be more bloated than the AUR version, okey that could happen, but I suggest the pick your poison approach to be honest. You can see the dockerfile of the image and analyze it with trivy also

nihalxkumar · 2025-10-24 14:16:03

@Lone_Wolf Thank you for taking the time to review the project and raise these important points.
It seems the main confusion stems from the term "server" and how the Model Context Protocol (MCP) works, so I'd like to clarify that first.

MCP is an open-source standard for connecting AI applications to external systems and it is secure by design.
https://modelcontextprotocol.io/

> "Making the server available globally" opens the system the server runs on to many threats.
> It should never be done automatically and how this is done needs to be documented extensively.

The communication happens over STDIO (Standard Input/Output), which is essentially a private,
direct pipe between two programs locally running on the machine.
There is no network exposure in between.
So, while arch-mcp is called a "server," it doesn't open any network ports.

More regarding safety:

The tool is only "globally" available to other applications on your local machine via MCP, not to the internet.
I agree, My use of the word "globally" in the documentation was a poor choice, and I have rectified it.
Additionally, I want to mention that the project is also designed for safety
it is configured to refer only official Arch sources. Anything outside of it is can not be done with it.
And with features like PKGBUILD scanning it is made to to detect malicious packages https://github.com/nihalxkumar/arch-mcp … L327-L1131
plus it's fully open-source and locally run for anyone to audit.

> Add something like "Created by nihalxkumar arch mcp server" to ALL outputs to make very clear they're AI generated

Great suggestion. Just like I have added a disclaimer for AUR packages https://github.com/nihalxkumar/arch-mcp … #L112-L134
I will figure out how to add a clear, static disclaimer to all AI-generated output.
Some MCP clients may call different tools and the output may not show in the final output shown to the end user but I will try to figure it out.

> and by which AI

The MCP(upstream) is designed such that it doesn't know which AI the user has connected

> Arch currently uses python 3.13, why are you allowing older python versions ?

The Python 3.11+ requirement simply indicates the minimum version the tool is compatible with.
This is to ensure it can run on a variety of systems, not just on Arch systems.
It works perfectly with Arch's current Python 3.13 and pose no risk.

nihalxkumar · 2025-10-24 14:22:35

@Succulent of your garden

You're absolutely right. Yes there could be a docker container for it.
I was doing something with a dockerfile, https://github.com/nihalxkumar/arch-mcp … DOCKERFILE
it is planned

Succulent of your garden · 2025-10-24 14:47:39

nihalxkumar wrote:

I was doing something with a dockerfile, https://github.com/nihalxkumar/arch-mcp … DOCKERFILE

mmm but what is the main point of creating your program in a docker container apart from a different another way to install it ? I mean, if you are going to use it for working with Arch Linux AUR how you could install those packages in the system through docker ? Since docker have a bridge network and in some sense is a replace of the main system network for making services available: what is going to be your approach on that ? You are going to create Arch Linux docker containers with the MCP server on it inside the docker network ? or are you going to make available the option to download MCP servers through docker hub instead of the AUR and run it as a docker container in the docker bridge or whatever network docker is using ?

Last edited by Succulent of your garden (2025-10-24 14:48:43)

nihalxkumar · 2025-10-24 15:11:47

I had only planned it as an another way to install and run it locally :sweat_smile:
I want to reiterate that this program("mcp server") is not restricted to arch systems. It can work on any OS. And has multiple features mentioned in docs.
A developer on Ubuntu or macOS could use the Docker container to analyze a PKGBUILD for security red flags without needing an Arch environment.
The `analyze_pkgbuild_safety` function is a pure Python implementation that only uses standard library modules (re and urllib.parse). It doesn't require pacman, AUR helpers, or any Arch-specific tools.

Last edited by nihalxkumar (2025-10-24 15:12:43)

Succulent of your garden · 2025-10-24 15:35:30

Seems a nice project, but my OCD will try always to do the mcp server installation with checking things with other tools like trivy or using snyk to check packages health status so I can trust every point of my mcp server implementation and don't get pwned in the process. But if you manage to automate some task with your tool and you trust what you are going to write, then go ahead, make your day, seems a nice project to have to be honest ^^

ewaller · 2025-10-24 18:53:05

nihalxkumar wrote:

hank you for taking the time to review the project and raise these important points.
It seems the main confusion stems from the term "server" and how the Model Context Protocol (MCP) works, so I'd like to clarify that first.

I'm just guessing here, but that sure seems like a LLM generated response. Just saying....

nihalxkumar · 2025-10-24 19:37:53

@Succulent thank you! yes, of course, one should not compromise on personal safety and privacy.

@ewaller My first time in a conversation like this. Took some help in framing How do you feel about rest of the content? If things are clear I would request to move the topic to its suitable location. Thanks

ewaller · 2025-10-25 02:14:49

nihalxkumar wrote:

My first time in a conversation like this. Took some help in framing How do you feel about rest of the content? If things are clear I would request to move the topic to its suitable location. Thanks

In my opinion, you are doing fine. If you are using a Large Language Model (LLM) to help, so be it.
Many of us misanthropes here are not fans of LLMs -- but there is no denying they are here and are not going away. And they are a good tool. They are not a panacea. They may pass the Turing test, but they are neither generally intelligent or sentient. They are a tool trained on an internet written by people of average intelligence.

Succulent of your garden · 2025-10-25 10:35:38

ewaller wrote:

n my opinion, you are doing fine. If you are using a Large Language Model (LLM) to help, so be it.
Many of us misanthropes here are not fans of LLMs -- but there is no denying they are here and are not going away. And they are a good tool. They are not a panacea. They may pass the Turing test, but they are neither generally intelligent or sentient. They are a tool trained on an internet written by people of average intelligence.

My healthy misanthropy does make me think the same Waller. But I'm currently thinking that these things are going to be a little bit more intelligent because of fine tuning, rag and maybe cognee. It's going to take a while, maybe a year or two, but it's not going to be AGI or that kind of discourse. Just better model for specific tasks, just that.

Apart from the coming AI bubble explosion in the future, there are also machine learning people finaaaaly starting to say that AGI is not going to happen soon. I mean only the famous ones like Karpathy, which the last year If I'm not remembering wrong was saying that AGI is coming and among other silly stuff.

But I think is fine to play with these tools as a programmer, mostly because you can control it

I guess build the tool, try to not use the tool as much as possible

Last edited by Succulent of your garden (2025-10-25 10:37:18)

Lone_Wolf · 2025-10-25 12:22:03

Moderator Note
Upon reading the responses in this thread (and the private discussion among moderators) I'm moving this back to Community Contributions.

nihalxkumar · 2025-10-25 17:28:04

Thanks mods <3

@lone_wolf I just tried it using this on Claude 4.5 Sonnet, it mentions on every function call that it is using the MCP. So, things depends on which model one is using it with.

Here is the demo:- https://mintcdn.com/nxk/HHCDxPLWa0uTmnK … b8b0c03534
it is a video link from the docs: https://nxk.mintlify.app/arch-mcp/index

To others who are just now seeing the post: Hi, please make sure you spend time reading the above conversation before commenting. It would be best if you understand MCPs and provide a constructive feedback. Thank you so much

Arch Linux

#1 2025-10-24 08:02:00

MCP Server for Arch Wiki, Packages, and AUR

#2 2025-10-24 09:47:52

Re: MCP Server for Arch Wiki, Packages, and AUR

#3 2025-10-24 11:35:56

Re: MCP Server for Arch Wiki, Packages, and AUR

#4 2025-10-24 14:16:03

Re: MCP Server for Arch Wiki, Packages, and AUR

#5 2025-10-24 14:22:35

Re: MCP Server for Arch Wiki, Packages, and AUR

#6 2025-10-24 14:47:39

Re: MCP Server for Arch Wiki, Packages, and AUR

#7 2025-10-24 15:11:47

Re: MCP Server for Arch Wiki, Packages, and AUR

#8 2025-10-24 15:35:30

Re: MCP Server for Arch Wiki, Packages, and AUR

#9 2025-10-24 18:53:05

Re: MCP Server for Arch Wiki, Packages, and AUR

#10 2025-10-24 19:37:53

Re: MCP Server for Arch Wiki, Packages, and AUR

#11 2025-10-25 02:14:49

Re: MCP Server for Arch Wiki, Packages, and AUR

#12 2025-10-25 10:35:38

Re: MCP Server for Arch Wiki, Packages, and AUR

#13 2025-10-25 12:22:03

Re: MCP Server for Arch Wiki, Packages, and AUR

#14 2025-10-25 17:28:04

Re: MCP Server for Arch Wiki, Packages, and AUR

Board footer