SpreadJS_mcp
by CharlieNey
Overview
A web application with an AI chat interface alongside a spreadsheet, allowing users to interact with the spreadsheet through natural language using the SpreadJS MCP server to execute operations.
Installation
npm start
Environment Variables
- ANTHROPIC_API_KEY
- SPREADJS_MCP_PATH
- SUPABASE_URL
- SUPABASE_ANON_KEY
- VITE_API_URL
- VITE_SPREADJS_LICENSE
- SPREADJS_MODE
- SPREADJS_BROWSER_URL
- SPREADJS_LICENSE_KEY
Security Notes
The `src/tools/io.ts` module allows the AI (driven by user prompts) to read from and write to the local filesystem via tools like `import_json`, `export_json`, `import_csv`, and `export_csv` using a user-provided `filePath`. This poses a critical security risk, as a malicious prompt could instruct the AI to read sensitive server files (e.g., `/etc/passwd`) or write arbitrary files, potentially leading to remote code execution or data exfiltration. Additionally, the backend spawns the MCP server as a child process; while the default path is relative, if `SPREADJS_MCP_PATH` were to be controlled by an attacker, it could lead to arbitrary code execution. The application also handles arbitrary file uploads, which are then analyzed by the AI, increasing the potential attack surface if combined with the filesystem manipulation tools.
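One way to confine the `filePath` argument described above to a single workspace directory before any import or export tool touches the disk. This is an added example, not code from SpreadJS_mcp: `resolveInWorkspace`, the allowed-extension list, the workspace layout and the sample paths are all hypothetical and constructed for the demonstration.

```typescript
import * as fs from "fs";
import * as os from "os";
import * as path from "path";

// Hypothetical helper (not SpreadJS_mcp code): map a tool-supplied filePath
// to a real path inside `workspace`, or throw.
const ALLOWED_EXT = new Set([".json", ".csv"]);
const present = (p: string): boolean => {
  try { fs.lstatSync(p); return true; } catch { return false; }
};

function resolveInWorkspace(workspace: string, filePath: string): string {
  if (filePath.length === 0 || filePath.includes("\0")) throw new Error("invalid filePath");
  const root = fs.realpathSync(workspace);
  // path.resolve lets an absolute filePath replace root, so containment is checked below.
  const candidate = path.resolve(root, filePath);
  // Resolve symlinks on the deepest existing ancestor (export targets may not exist yet).
  let existing = candidate;
  while (!present(existing)) existing = path.dirname(existing);
  const real = path.join(fs.realpathSync(existing), path.relative(existing, candidate));
  const rel = path.relative(root, real);
  if (rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    throw new Error("path escapes workspace");
  }
  if (!ALLOWED_EXT.has(path.extname(real).toLowerCase())) throw new Error("extension not allowed");
  return real;
}

// Constructed demo: a temp workspace, a file outside it, and a symlink that points out.
function demo(): Record<string, string> {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), "ws-demo-"));
  const ws = path.join(base, "workspace");
  fs.mkdirSync(ws);
  fs.writeFileSync(path.join(base, "secret.json"), "{}");
  fs.symlinkSync(base, path.join(ws, "out"));
  const results: Record<string, string> = {};
  const samples = ["sheets/q1.csv", "/etc/passwd", "../secret.json", "out/secret.json", "notes.sh"];
  for (const p of samples) {
    try { resolveInWorkspace(ws, p); results[p] = "ok"; }
    catch (e) { results[p] = (e as Error).message; }
  }
  fs.rmSync(base, { recursive: true, force: true });
  return results;
}
```

The check only helps if every file-handling tool opens the path it returns rather than the original `filePath`, and if the workspace directory is not writable by other local users between the check and the open.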
Similar Servers
mcp-gsheets
This server integrates Google Sheets functionality with Model Context Protocol clients, enabling AI models to programmatically read, write, and manage spreadsheet data and properties.
mcp
A TypeScript SDK for building and interacting with Model Context Protocol (MCP) servers, facilitating AI agent interaction through exposed tools, prompts, and resources via JSON-RPC over HTTP/SSE.
OpenFoodFacts-MCP
Provides contextual information and specialized tools for Open Food Facts data and development tasks to AI-powered development tools using the Model Context Protocol.
photons
Photons are single-file TypeScript MCP servers designed to supercharge AI assistants with focused capabilities, providing a marketplace of tools for various domains like file operations, cloud integrations, and database management.