| Version | Supported |
|---|---|
| 2.x | Yes |
| < 2.0 | No |
If you discover a security vulnerability, please report it responsibly:
- Do NOT open a public GitHub issue.
- Email: nate@lorecraft.io
- Include: description of the vulnerability, steps to reproduce, and potential impact.
- You will receive acknowledgment within 48 hours.
This MCP server uses Firebase refresh tokens and Motion API keys stored in a local .env file with chmod 600 permissions. These credentials grant full access to your Motion calendar.
If you suspect your credentials have been compromised:
- Rotate your Motion API key at https://app.usemotion.com/settings
- Sign out of all Motion browser sessions to invalidate the Firebase refresh token
- Re-run the setup wizard:
npx fidgetcoding-motion-mcp setup
- Source code in this repository
- Published npm package (
fidgetcoding-motion-mcp) - GitHub Actions workflows