crimeapp-mcp

by Batman-05

Overview

A Cloudflare Worker acting as a Model Context Protocol (MCP) server that exposes tools for crime analysis and news article fetching, delegating complex natural language queries to an external LangChain/LangGraph-powered AI agent.

Installation

Run Command
npx wrangler dev

Environment Variables

  • CRIME_DB
  • OPENAI_API_KEY
  • POLICY_AUD
  • TEAM_DOMAIN
  • LANG_AGENT_URL
  • MCP_OBJECT
  • MCP_BASE_URL
  • MCP_GATEWAY_TOKEN

Security Notes

CRITICAL: The `isAuthorized` checks for the `/proxy/db/query` and `/proxy/news_articles` endpoints in `crimeapp-mcp-server/src/index.ts` are commented out, making these internal database proxy endpoints publicly accessible without authentication. While `sanitizeSelect` limits queries to `SELECT` and adds `LIMIT 1000`, this still allows unauthenticated leakage of sensitive crime data.

Additionally, the `AGENT_SHARED_SECRET` check in `crimeapp-mcp-server/src/lib/agent.ts` is commented out, meaning calls to the external LangChain agent (`LANG_AGENT_URL`) are unauthenticated, which is another major security flaw.

The `lang-agent` generates SQL queries using an LLM (`_plan_sql_from_query`). Despite SQL sanitization (`_sanitize_select`), this introduces a high risk of the LLM hallucinating, or being prompted to generate, malicious or resource-intensive queries that could bypass imperfect guardrails.

Stats

  • Interest Score: 0
  • Security Score: 3
  • Cost Class: Medium
  • Avg Tokens: 1350
  • Stars: 0
  • Forks: 0
  • Last Update: 2025-12-05

Tags

  • AI Agent
  • LangChain
  • Cloudflare Workers
  • D1 Database
  • Crime Analysis