whistle-mcp

Verified Safe

by 7gugu

Overview

Manages a local Whistle proxy server and network requests through AI commands, enabling automated control of rules, groups, values, and request interception/replay.

Installation

Run Command
whistle-mcp --host=<whistle server IP address> --port=<whistle server port number>

Security Notes

The server itself contains no obvious hardcoded secrets and no direct 'eval' of user input that would execute code on the host system. It does, however, act as an interface to a local Whistle proxy, and arguments such as 'ruleValue' for 'updateRule' and 'url', 'headers' and 'body' for 'replayRequest' are taken directly from AI tool calls. A malicious AI prompt (or a malicious user interacting with an AI) could instruct the Whistle MCP server to send arbitrary, potentially harmful configurations to the local Whistle proxy or to replay malicious requests.

The 'getInterceptInfo' tool uses 'new RegExp(url)', which could be vulnerable to ReDoS (Regular Expression Denial of Service) if the 'url' parameter contains a maliciously crafted regular expression, potentially causing high CPU usage locally. The code includes a try-catch for invalid regex syntax, but that does not limit the cost of matching a syntactically valid pattern.

There is also a minor inconsistency: the tool 'toggleHttpInterception' is implemented to call 'whistleClient.toggleHttpsInterception', so it toggles HTTPS interception even though its name suggests HTTP. This could lead to unexpected behavior.

Stats

Interest Score: 41
Security Score: 7
Cost Class: Low
Avg Tokens: 1000
Stars: 23
Forks: 4
Last Update: 2025-12-11

Tags

Whistle, Proxy Management, Network Debugging, AI Assistant, MCP