MCP_SERVER_LOCAL_FILES_ACCESS
by AdityaShekhawat16
Overview
A local server providing AI agents with tools for CRUD operations on files (text, PDF, DOCX) and SQLite databases within a designated workspace.
Installation
python mcp_Server.pySecurity Notes
The `run_sql_query` function is critically vulnerable to SQL injection as it directly executes user-provided SQL queries without parameterization. An agent (or attacker) could craft malicious queries to read, modify, or delete database contents beyond intended scope. While directory traversal for file system operations is adequately handled by `_get_safe_path`, this does not protect against the database vulnerability. The ability to delete arbitrary files within the `TARGET_FOLDER` also presents a risk if an agent is compromised, even if confined to the target directory.
Similar Servers
mcp-filesystem-server
Provides secure and controlled access to the local filesystem via the Model Context Protocol (MCP) for AI agents and other applications.
fastfs-mcp
Enables AI assistants (like Claude) to interact with local filesystems, manage Git repositories, and engage users through interactive prompts via a standardized JSON-based protocol.
filesys
A secure Model Context Protocol (MCP) server that provides controlled filesystem operations for client applications and coding agents.
local-file-operating
A simplified local file system MCP server designed for managing Obsidian note libraries and Markdown files, enabling AI assistants to securely interact with and manipulate knowledge bases.