ha-mcp-server

The project demonstrates significant effort in security, implementing input validation, file access control (path traversal, extension/size limits, suspicious patterns), and rate limiting via `security-utils.sh`. It uses non-root Docker users and includes extensive security documentation. However, the `cache-manager.sh` script uses `eval "$command"`, allowing arbitrary command execution. While this is currently used for internal commands, its presence in a script callable by the Node.js API server (via `child_process.exec`) poses a critical remote code execution (RCE) vulnerability if an injection vector were to be discovered or introduced. Similarly, the `claude-mcp-widget.py` uses `subprocess.Popen` with f-strings for SSH commands, which, if not properly sanitized or if user input is maliciously crafted, could lead to command injection, though SSH clients typically offer some protection. Users must ensure strict control over all inputs and environments.