project-guardian-mcp-server

The server exhibits critical security vulnerabilities due to its handling of file paths and direct SQL execution: 1. The `import_data` and `export_data` tools allow arbitrary `filePath` inputs without sanitization or confinement to a safe directory. An attacker controlling these inputs could perform directory traversal to read or write any file on the system, potentially leading to data exfiltration or remote code execution. 2. The `import_data` tool, when used with `format: 'sql'`, executes raw SQL commands from a user-specified file. This, combined with the lack of file path validation, could allow an attacker to execute arbitrary SQL, including commands that drop tables, alter data, or even attach external malicious databases. 3. While `execute_sql` supports parameterized queries, its description in the README encourages raw SQL execution without parameters, which can lead to SQL injection if the query string is not fully trusted. 4. The `memory.db` file is created directly in the current working directory, which is not ideal for data isolation or security. 5. There is no explicit authentication or authorization layer implemented in the server itself, relying solely on the security of the MCP client and its communication channel.