MCP-connect

CRITICAL VULNERABILITIES: The `/bridge` endpoint allows an unauthenticated or authenticated client to specify an arbitrary `serverPath` in the request body. If this `serverPath` is a command (e.g., `rm -rf /`), the `MCPClientManager` will directly execute it via `StdioClientTransport`. This is a direct command injection vulnerability. Additionally, the `AUTH_TOKEN` environment variable defaults to an empty string, meaning the server runs unauthenticated by default. This allows any client to make calls, including exploiting the command injection. The `deploy/e2b/sandbox_deploy.py` script also fetches `startup.sh` and other configuration from a `remote_base` URL by default, which introduces a supply chain risk if the remote source is compromised. Sensitive environment variables like `N8N_API_KEY` can be included in `mcp-servers.json` and are handled via environment variable resolution, requiring careful management to prevent leaks.