app
by Cronos402
Overview
Main web application and payment gateway for Cronos Model Context Protocol (MCP) services, enabling server registration, wallet authentication, payment processing, and usage analytics.
Installation
pnpm dev
Environment Variables
- NODE_ENV
- NEXT_PUBLIC_AUTH_URL
- NEXT_PUBLIC_MCP2_URL
- NEXT_PUBLIC_MCP_PROXY_URL
- NEXT_PUBLIC_MCP_DATA_URL
- NEXT_PUBLIC_API2_URL
- NEXT_PUBLIC_FACILITATOR_URL
- NEXT_PUBLIC_WALLETCONNECT_PROJECT_ID
- NEXT_PUBLIC_MCP_SERVER_URL
Security Notes
The `mcp-proxy` API route (`src/app/api/mcp-proxy/route.ts`) is vulnerable to Server-Side Request Forgery (SSRF). It decodes a `target-url` parameter from the request and uses it directly in a server-side `fetch` call without sufficient URL validation or whitelisting. This potentially allows an authenticated user to make arbitrary requests from the server to internal network resources or external hosts. Although the application uses Drizzle ORM for database interactions and `better-auth` for authentication, this specific proxy vulnerability is critical. No explicit hardcoded secrets were observed, and text sanitization is used for display purposes; both are good practices. The project mentions 'TODO: add withProxy and LoggingHook back in', which suggests that intended security/logging features are currently absent from the proxy.
Similar Servers
kukapay-mcp-servers
Aggregates real-time cryptocurrency and blockchain data for AI agents and developers, spanning DeFi, trading, market analytics, and Web3 services.
solx402-mcp-server
The SOLx402 MCP Server enables AI assistants to interact with the x402 payment protocol on Solana, providing tools for service discovery, consumption, USDC payments, and access to Solana development resources.
mcp-x402
Generates X402 payment headers and looks up associated wallet addresses for internet-native payments using the Model Context Protocol.
x402-mcp-server
Enables AI agents to pay for x402-protected database queries and API calls using USDC on the Base blockchain.