Mycelium
by AutumnsGrove
Overview
Serves as an MCP (Model Context Protocol) server, acting as the communication network for AI agents (like Claude) to interact with various Grove ecosystem services such as blogging (Lattice), remote development (Bloom), storage (Amber), and analytics (Rings).
Installation
pnpm devEnvironment Variables
- GROVEAUTH_CLIENT_ID
- GROVEAUTH_CLIENT_SECRET
- GROVEAUTH_REDIRECT_URI
- COOKIE_ENCRYPTION_KEY
- ENVIRONMENT
Security Notes
The server has critical SQL injection vulnerabilities due to the direct concatenation of user-controlled input into SQL queries. Specifically, in `src/tools/context.ts`, the `mycelium_history` tool takes a `type` parameter which is directly inserted into a SQL query without sanitization, allowing for arbitrary SQL execution. While `logTask` attempts to escape single quotes, this is an insufficient mitigation for untrusted input. The `mycelium_preferences` tool also uses string interpolation for SQL updates, though the inputs are validated by Zod prior to insertion, reinforcing a risky pattern in the SQL layer. Hardcoded API endpoints are for internal Grove services, not sensitive credentials.
Similar Servers
remote-mcp-oauth-github
Provides a Cloudflare Workers-based Model Context Protocol (MCP) server with GitHub OAuth for secure custom integrations with Claude.ai.
mold-inventory
An MCP server that provides an LLM with authenticated access to a mold inventory management API, allowing it to retrieve mold data on behalf of a user.
semantic-wake-intelligence-mcp
A Model Context Protocol (MCP) server providing AI agents with a 3-layer temporal intelligence system for memory, causality, and prediction.
remote-mcp-server-authless
Deploying an unauthenticated Model Context Protocol (MCP) server on Cloudflare Workers, providing simple calculator tools to AI clients.