remote_mcp

CRITICAL: Hardcoded `TEST_TOKEN = "e5076d"` (and similar `29e63eb5` for SQLite unlock) in `remote.py` and across multiple language demos. This token is used to bypass "security checks" for tool usage, making the entire system fundamentally insecure for production use as anyone knowing this token can call registered tools. CRITICAL: Use of `eval(code)` in the JavaScript (`reverse_mcp.js`) `evaluate_js` action. This allows arbitrary code execution via untrusted input, a severe Remote Code Execution (RCE) vulnerability. CRITICAL: SSL/TLS certificate verification is explicitly disabled (`rejectUnauthorized: false`, `InsecureSkipVerify: true`, `context.verify_mode = ssl.CERT_NONE`) in all language implementations for local communication. While intended for self-signed certificates in a local environment, this is a dangerous practice as it makes the system vulnerable to Man-in-the-Middle (MitM) attacks if exposed beyond a trusted local network. MEDIUM: The system allows external tools to `call OTHER MCP tools` (e.g., `sqlite`, `browser`, `user`). A compromised or malicious remote tool could exploit this to perform unauthorized actions via other integrated MCP tools. LOW: The custom JSON parsing in Kotlin (`reverse_mcp.kt`) is flagged as a "simplified parser for the demo" and recommends using a robust library for production, implying potential vulnerabilities if not properly handled.