manus-mcp-server

CRITICAL VULNERABILITIES: The `get_code_context` tool uses `execSync` with `grep -r "${query}"`. The `query` argument comes directly from the AI agent's input, making the server highly vulnerable to shell injection attacks. An attacker controlling the AI agent's prompts could execute arbitrary commands on the host system. Additionally, the `INTEGRATION_GUIDE.md` explicitly states 'No authentication' and 'No rate limiting' are implemented in the current setup, making the server openly accessible and susceptible to abuse. The `create_task` tool writes user-provided content (`title`, `description`) to files, which could potentially lead to path traversal or denial-of-service via large files if inputs are not properly sanitized. The `BLUEBIRD_API_URL` being configurable via an environment variable could expose the server to Server-Side Request Forgery (SSRF) if the variable is compromised. This server is not safe to run in its current state without significant security enhancements.