agent
Verified Safeby 1mcp-app
Overview
The 1MCP agent acts as a proxy for the Model Context Protocol, managing various MCP servers, enabling application configuration consolidation, and providing tools for registry interaction and preset management.
Installation
npx @1mcp/agent serveEnvironment Variables
- ONE_MCP_LOG_LEVEL
- ONE_MCP_CONFIG
- ONE_MCP_HOST
- ONE_MCP_PORT
- ONE_MCP_EXTERNAL_URL
- HTTPS_PROXY
- HTTP_PROXY
- LOG_LEVEL
Security Notes
The project demonstrates a strong focus on security, implementing multiple layers of defense. It utilizes `secureLogger` for redacting sensitive information (e.g., API keys, tokens) from logs and output. Input validation and sanitization (via `sanitization.ts`) are extensively used for names, URLs, headers, and environment variables to prevent common vulnerabilities like injection and path traversal. File system operations for backups, configuration, and OAuth session persistence (`FileStorageService`) include explicit access checks, directory creation, and ID validation to prevent malicious file access. The OAuth implementation incorporates rate limiting (`express-rate-limit`) and security middleware (`securityMiddleware.ts`) to detect suspicious patterns and introduce anti-timing attack delays. While there's a minor internal hack accessing a private SDK property (`_initialized` in `RestorableStreamableHTTPServerTransport`), it does not pose a direct server vulnerability. The use of `child_process.spawn` is present but appears to be for controlled operations on trusted binaries (e.g., `npx @1mcp/agent`).
Similar Servers
tiger-linear-mcp-server
Provides LLMs with focused tools to interact with the Linear API for issue and project management.
tiger-gh-mcp-server
Provides focused tools to LLMs for interacting with GitHub repositories and data via the Model Context Protocol.
thoughtbox
Provides cognitive enhancement tools for LLM agents, enabling structured reasoning, mental modeling, and interactive literate programming with JavaScript/TypeScript execution.
mcp-server
Provides AI-powered security insights and operational capabilities for Kubernetes and cloud environments by exposing Rad Security APIs as Model Context Protocol (MCP) tools.