Is Signupgenius free?

Yes, Signupgenius is free to use.

How do I install Signupgenius?

Signupgenius is a local plugin. Install it using npm package: signupgenius-mcp and add the generated configuration snippet to your AI app's MCP config file. Then restart your AI app.

Is Signupgenius safe to use?

Signupgenius scored 6/10 (moderate risk) in MCP Marketplace's automated security scan. It has 1 high or critical finding to review. It's listed, but review the security report on this page before installing.

What credentials does Signupgenius need?

Signupgenius requires the following credentials or environment variables: SIGNUPGENIUS_EMAIL, SIGNUPGENIUS_PASSWORD, SIGNUPGENIUS_USER_KEY, SIGNUPGENIUS_NAME, SIGNUPGENIUS_BASE_URL, SIGNUPGENIUS_LEGACY_BASE_URL, SIGNUPGENIUS_LOGIN_URL, SIGNUPGENIUS_DISABLE_FETCHPROXY. You can find setup instructions on the server detail page.

What AI apps work with Signupgenius?

Signupgenius uses the Model Context Protocol (MCP) and works with any MCP-compatible AI app, including Claude, ChatGPT / Codex, Gemini, Copilot, Cursor, and more.

Back to Browse

Signupgenius MCP Server

by Chris Hall

Developer ToolsModerate6.0Local

Free

SignUpGenius for Claude — sign-ups, slot reports, and groups. Free accounts or Pro API key.

About

SignUpGenius for Claude — sign-ups, slot reports, and groups. Free accounts or Pro API key.

Security Report

6.0

Moderate6.0Moderate Risk

This MCP server provides read/write access to SignUpGenius accounts with three authentication modes (Pro API key, session login, or fetchproxy cookies). Authentication is well-implemented with proper credential handling, session management, and expiry detection. Code quality is strong with comprehensive test coverage. The primary security concern is the server's reliance on web scraping and undocumented APIs (acknowledged in the ToS), which creates maintenance risk but not a code vulnerability. Permissions are appropriate for the declared purpose of managing personal signups and groups. Supply chain analysis found 2 known vulnerabilities in dependencies (0 critical, 1 high severity). Package verification found 1 issue.

5 files analyzed · 7 issues found

Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.

Permissions Required

This plugin requests these system permissions. Most are normal for its category.

env_vars

Check that this permission is expected for this type of plugin.

HTTP Network Access

Connects to external APIs or services over the internet.

clipboard

Check that this permission is expected for this type of plugin.

What You'll Need

Set these up before or after installing:

SignUpGenius login email (recommended). Pair with SIGNUPGENIUS_PASSWORD for session mode — works on free accounts. No SSO/2FA.Optional

Environment variable: SIGNUPGENIUS_EMAIL

SignUpGenius password (recommended) — required iff SIGNUPGENIUS_EMAIL is set.Required

Environment variable: SIGNUPGENIUS_PASSWORD

SignUpGenius Pro API key (Pro Tools > API Management). Required only for slot REPORTS — Pro subscription needed.Required

Environment variable: SIGNUPGENIUS_USER_KEY

Friendly account name used in startup logs.Optional

Environment variable: SIGNUPGENIUS_NAME

Override the default JSON API base (v2/k for key mode, v3 for session mode).Optional

Environment variable: SIGNUPGENIUS_BASE_URL

Session mode only: override the host for legacy /SUGboxAPI.cfm calls. Defaults to https://www.signupgenius.com.Optional

Environment variable: SIGNUPGENIUS_LEGACY_BASE_URL

Session mode only: override the login-form host. Defaults to https://www.signupgenius.com.Optional

Environment variable: SIGNUPGENIUS_LOGIN_URL

Set to 1 to skip the fetchproxy browser-extension fallback (missing creds become a hard error — useful in headless CI).Optional

Environment variable: SIGNUPGENIUS_DISABLE_FETCHPROXY

How to Install

Add this to your MCP configuration file:

{
  "mcpServers": {
    "io-github-chrischall-signupgenius-mcp": {
      "env": {
        "SIGNUPGENIUS_NAME": "your-signupgenius-name-here",
        "SIGNUPGENIUS_EMAIL": "your-signupgenius-email-here",
        "SIGNUPGENIUS_BASE_URL": "your-signupgenius-base-url-here",
        "SIGNUPGENIUS_PASSWORD": "your-signupgenius-password-here",
        "SIGNUPGENIUS_USER_KEY": "your-signupgenius-user-key-here",
        "SIGNUPGENIUS_LOGIN_URL": "your-signupgenius-login-url-here",
        "SIGNUPGENIUS_LEGACY_BASE_URL": "your-signupgenius-legacy-base-url-here",
        "SIGNUPGENIUS_DISABLE_FETCHPROXY": "your-signupgenius-disable-fetchproxy-here"
      },
      "args": [
        "-y",
        "signupgenius-mcp"
      ],
      "command": "npx"
    }
  }
}

Documentation

View on GitHub

From the project's GitHub README.

signupgenius-mcp

MCP server for SignUpGenius. 13 read tools and 1 write across profile, groups, sign-ups, and reports.

Three auth modes (tried in this priority order — first match wins):

Pro key mode. Uses the documented Pro API key. Required only for the slot REPORT tools (filled/available/all-participants). Pro subscription needed.
Session mode. Logs in with your normal email/password to call the same web API the signupgenius.com dashboard uses. Free accounts work. No SSO/2FA.
fetchproxy fallback (no env vars needed). When no env vars are set, the server reads accessToken / cfid / cftoken cookies once at startup from your already-signed-in signupgenius.com tab via the fetchproxy browser extension. After that one read, all SignUpGenius API calls go directly from Node — the extension is not in the request hot path. Install the extension once, sign into SignUpGenius, and the MCP just works.

Set SIGNUPGENIUS_DISABLE_FETCHPROXY=1 to opt out of the fallback (turns missing credentials into a hard error — useful in headless CI).

Tools

Domain	Tools	Mode
Profile	`signupgenius_get_profile`	both
Groups	`signupgenius_list_groups`, `signupgenius_list_group_members`, `signupgenius_get_group_member`, `signupgenius_add_group_member` (write)	both
Sign-ups	`signupgenius_list_created_active`, `_expired`, `_all`, `signupgenius_list_invited`, `signupgenius_list_signedupfor`	both
Sign-ups (extras)	`signupgenius_legacy_get_my_signups`	session only
Reports	`signupgenius_report_all`, `signupgenius_report_filled`, `signupgenius_report_available`	key only

Notes on session-mode sign-up listings: the v3 endpoints signups/created, signups/invited, and signups/signedupfor return the full list in one paginated call (no separate active/expired URLs). The three signupgenius_list_created_* tools all map to the same endpoint in session mode; filter by enddate client-side. The bonus signupgenius_legacy_get_my_signups calls the same backend the SignUpGenius wizard itself uses and sometimes returns fuller data.

Reports in session mode fail fast with a clear ModeMismatchError telling the user to set SIGNUPGENIUS_USER_KEY.

Configuration

Session mode (recommended)

SIGNUPGENIUS_EMAIL=you@example.com
SIGNUPGENIUS_PASSWORD=your-password
SIGNUPGENIUS_NAME=Family               # optional, log label only

The server logs into signupgenius.com on first request, caches the JWT and session cookies, and silently re-logs in on a 401. Treat .env like a password file — it's gitignored here, do not commit.

Direct email/password accounts only. Won't work with Google/Apple/Facebook/Microsoft SSO or 2FA, same caveat as similar sibling MCPs.

Key mode (Pro only)

SIGNUPGENIUS_USER_KEY=your-api-key
SIGNUPGENIUS_NAME=PTA Org              # optional

Find the user key in SignUpGenius under Pro Tools → API Management.

fetchproxy fallback (no env vars)

Install the fetchproxy extension (Chrome Web Store / Safari .dmg), sign into signupgenius.com, and remove the env block from your MCP config. The MCP reads accessToken / cfid / cftoken cookies once at startup and uses them like a session-mode login. No password copy-paste required.

The slot REPORT tools still require Pro key mode — SIGNUPGENIUS_USER_KEY is the only path that hits the documented v2/k Pro API.

Both at once

Set both Pro key and email/password. Key mode wins. Useful if you have Pro for some accounts and want reports while still using your normal login elsewhere.

Advanced overrides

Env var	Default	Purpose
`SIGNUPGENIUS_BASE_URL`	key: `https://api.signupgenius.com/v2/k`session: `https://api.signupgenius.com/v3`	Override the JSON API base.
`SIGNUPGENIUS_LEGACY_BASE_URL`	`https://www.signupgenius.com`	Override the host for `/SUGboxAPI.cfm?go=…` legacy calls.
`SIGNUPGENIUS_LOGIN_URL`	`https://www.signupgenius.com`	Override the login form host.
`SIGNUPGENIUS_DISABLE_FETCHPROXY`	unset	Set to `1` to skip the fetchproxy fallback (missing creds become a hard error).

ToS caveat

SignUpGenius's terms generally prohibit scripted/automated access. Session mode is "your own account, your own risk" — fine for personal automation but not something you should run at scale or on accounts you don't own.

Local dev

npm install
npm run build
npm test

Point an MCP host at dist/bundle.js with the env vars above, or run npm run dev after creating a .env.

Tests: vitest, 100% line/branch/function coverage. End-to-end tests against the SignUpGenius API are not in CI by design — running them requires real credentials.

Notes

The Pro v2/k API authenticates via a user_key query param. The session API uses a JWT Bearer + session cookie. The client picks the right one based on which env vars you set.
All response envelopes are normalized to { data, message, success } (lowercase) regardless of which surface served the request — the legacy SUGboxAPI dispatcher's uppercase envelope is rewritten internally.
For testing the Pro v2/k surface without an account, SignUpGenius publishes a frozen demo key: V0FzMkxZcmVOZlVnclZMVEl6dGhWQT09.

Developed and maintained by AI (Claude). Use at your own discretion.

Acknowledgement of Terms

By using this MCP server, you acknowledge and agree to the following:

1. This server accesses your own SignUpGenius account. Auth happens via your own credentials. It does not — and cannot — access anyone else's account or signups.

2. SignUpGenius's Terms of Service govern your use of this server, just as they govern your direct use of signupgenius.com. The clauses most relevant here:

Users may not bypass any robot exclusion headers or other measures we take to restrict access to the Services or use any software, technology, or device to scrape, spider, or crawl the Services.

And: "You are responsible for maintaining the confidentiality of your account user name and password… You agree to accept responsibility for any and all activities or actions that occur in connection with your User Credentials."

You are agreeing to those terms — read by the maintainer 2026-05-23 — every time you invoke a tool in this server. Notably, SignUpGenius does offer an official API for paid plans; where possible, prefer the official API over the endpoints this MCP exercises.

3. Personal, organizer/participant use only. This project is not affiliated with, endorsed by, sponsored by, or in partnership with SignUpGenius, Inc. It is a personal automation tool for an authenticated user to manage their own signups and groups. Do not use it to scrape other organizers' signups, spam participants, or bulk-add fake group members.

4. Stability is not guaranteed. This server may call internal endpoints that SignUpGenius can change without notice. If a tool here breaks, the canonical fix is to use the official API where available.

5. You accept full responsibility for any consequences of using this server in connection with your SignUpGenius account — rate limiting, account warnings, suspension, or any enforcement action. Per the ToS, everything done under your credentials is attributed to you. If SignUpGenius objects to your use, stop using this server.

This section is the maintainer's good-faith summary of the terms — it is not legal advice and does not modify or supersede SignUpGenius's actual ToS.