mcp_project
Verified Safe by AlexandrosMelis
Overview
An AI-powered chatbot for searching, extracting, and summarizing academic papers using the Model Context Protocol (MCP).
Installation
npx @modelcontextprotocol/inspector uv run src/research_server.py
Environment Variables
- ANTHROPIC_API_KEY
Security Notes
The `extract_info` tool takes a `paper_id` as input and uses it as a dictionary key to look up entries in `papers_info.json` files. The `topic` parameter used for file path construction is sanitized (`lower().replace(" ", "_")`), but direct user input for `paper_id` is not explicitly validated against path traversal characters. Because `paper_id` is used as a dictionary key rather than directly in file paths, direct arbitrary file reading or writing is mitigated. The server also reads `ANTHROPIC_API_KEY` from environment variables, which is good practice. No `eval` or other highly dangerous patterns were observed. Overall, it is moderately safe, but careful input sanitization for `paper_id` as a dictionary key is still recommended for robustness against potential argument injection attacks if `papers_info.json` could be malformed or manipulated.
Similar Servers
django-ai-boost
Provides Model Context Protocol (MCP) tools for AI assistants to introspect and interact with Django project details and runtime information.
mcp-typescript-template
This project provides a foundational TypeScript template for developing remote Model Context Protocol (MCP) servers with robust tooling and best practices.
inspector
An interactive developer tool for testing, debugging, and monitoring MCP (Model Context Protocol) servers, including their tools, prompts, resources, and UI widgets.
mcp-playground
A web-based developer tool for testing, inspecting, and debugging Model Context Protocol (MCP) servers, supporting OAuth integration, request logging, and interactive execution of tools, resources, and prompts.