1xn-vmcp

by 1xn-labs

Overview

An open-source platform for composing, customizing, and extending multiple Model Context Protocol (MCP) servers into a single logical, virtual MCP server, enabling fine-grained context engineering for AI workflows and agents.

Installation

Run Command
uvx --from 1xn-vmcp@latest vmcp run

Environment Variables

  • VMCP_DATABASE_URL
  • VMCP_HOST
  • VMCP_PORT
  • VMCP_LOG_LEVEL
  • VMCP_DEBUG
  • VMCP_BASE_URL
  • VMCP_DUMMY_USER_ID
  • VMCP_DUMMY_USER_EMAIL
  • VMCP_DUMMY_USER_TOKEN
  • VMCP_ENABLE_TRACING
  • VMCP_OTLP_ENDPOINT
  • VMCP_TTL_SECONDS
  • VMCP_CLEANUP_EVERY_SECONDS
  • VMCP_FRONTEND_PATH
  • VMCP_PROJECT_ROOT
  • VMCP_DOCS_PATH
  • GITHUB_CLIENT_ID
  • GITHUB_CLIENT_SECRET

Security Notes

This server has critical security vulnerabilities that make it unsafe to run in any publicly exposed environment, and potentially unsafe even locally if untrusted users can define custom servers or tools.

1. **Arbitrary Code Execution via stdio MCP servers:** The `MCPClientManager` allows users to configure and execute arbitrary commands on the host system via `stdio` transport type MCP servers. While input validation exists for format and length, it does not prevent the execution of malicious commands.

2. **Arbitrary Python Code Execution via Custom Python Tools:** The `python_tool` feature explicitly executes user-provided Python code using `exec`. Although it attempts sandboxing with `RestrictedPython`, the codebase itself acknowledges this is 'not a complete security solution against determined attackers.' This is a severe, known vulnerability.

3. **Hardcoded Dummy Credentials and Default Open Access:** In OSS mode, it uses hardcoded dummy user credentials (`local-user`, `local-token`) and enables overly permissive CORS (`allow_origins=['*']`). This means any instance running in OSS mode is unauthenticated and fully accessible to anyone who knows these public default values, making it highly vulnerable if exposed to the network.

4. **Sensitive Data Handling:** OAuth tokens are stored in the database without explicit encryption, which could be a risk if the database is compromised.

Stats

  • Interest Score: 85
  • Security Score: 2
  • Cost Class: Low
  • Stars: 43
  • Forks: 6
  • Last Update: 2025-12-06

Tags

  • AI Orchestration
  • Model Context Protocol
  • Agent Framework
  • Workflow Automation
  • API Gateway