MCP-Client-Host-Java

1. Arbitrary Command Execution (Critical): The `MCPStdioClient` executes arbitrary shell commands (`spec.getCommand()`, `spec.getArgs()`) configured for an MCP Server. If a malicious server configuration is registered (e.g., via the exposed `/api/mcp/servers` endpoint), it can lead to remote code execution on the `mcp-client` host. This is a severe vulnerability. 2. Plaintext gRPC Communication (High): The `GrpcClientConfig` uses `usePlaintext()` for gRPC communication between `mcp-host` and `mcp-client`. While noted for development, this is a significant security risk in production as it exposes sensitive data and is vulnerable to Man-in-the-Middle attacks. 3. Sensitive Information Exposure (Medium): Environment variables for API keys (e.g., `TAVILY_API_KEY`) can be passed to container environments for tool execution. While standard for Docker, these should be carefully managed (e.g., using Docker Secrets) and the `.env` file secured, especially given the arbitrary command execution risk.