SpreadJS_mcp
by CharlieNey
Overview
A web application with an AI chat interface alongside a spreadsheet, allowing users to interact with the spreadsheet through natural language using the SpreadJS MCP server to execute operations.
Installation
npm startEnvironment Variables
- ANTHROPIC_API_KEY
- SPREADJS_MCP_PATH
- SUPABASE_URL
- SUPABASE_ANON_KEY
- VITE_API_URL
- VITE_SPREADJS_LICENSE
- SPREADJS_MODE
- SPREADJS_BROWSER_URL
- SPREADJS_LICENSE_KEY
Security Notes
The `src/tools/io.ts` module allows the AI (driven by user prompts) to read from and write to the local filesystem via tools like `import_json`, `export_json`, `import_csv`, and `export_csv` using a user-provided `filePath`. This poses a critical security risk, as a malicious prompt could instruct the AI to read sensitive server files (e.g., `/etc/passwd`) or write arbitrary files, potentially leading to remote code execution or data exfiltration. Additionally, the backend spawns the MCP server as a child process; while the default path is relative, if `SPREADJS_MCP_PATH` were to be controlled by an attacker, it could lead to arbitrary code execution. The application also handles arbitrary file uploads, which are then analyzed by the AI, increasing the potential attack surface if combined with the filesystem manipulation tools.
Similar Servers
mcp-gsheets
A Model Context Protocol (MCP) server for Google Sheets API integration, enabling reading, writing, and managing Google Sheets documents directly from MCP clients like Claude Code, Claude Desktop, or Cursor.
mcp
An MCP server providing a set of mathematical tools (calculator functions) for remote execution via the Model Context Protocol.
photons
A comprehensive demonstration MCP server showcasing various functionalities of the Photon runtime, including basic data handling, streaming responses, progress reporting, in-memory state management, and interactive UI elements. It serves as a reference for developers building new photons.
OpenFoodFacts-MCP
Provides contextual information and specialized tools for Open Food Facts data and development tasks to AI-powered development tools using the Model Context Protocol.