Agento_MCP

CRITICAL RISKS: 1. `agento:query` and `execute_sql` tool allow direct execution of arbitrary SQL queries without sanitization, leading to potential data exfiltration, modification, or deletion. 2. `magerun` tool executes arbitrary `n98-magerun2` commands with user-controlled arguments, posing severe command injection risks and enabling highly destructive operations (e.g., `db:drop`, `module:uninstall`, `admin:user:create`). 3. `clear_redis` tool executes `FLUSHALL` on Redis, wiping all Redis data (sessions, cache, etc.). 4. `MagerunInstallCommand` downloads `n98-magerun2.phar` using `CURLOPT_SSL_VERIFYPEER, false`, making the installation vulnerable to Man-in-the-Middle attacks. 5. Resources like `database_schema` and `magento_config` expose sensitive information (database schemas, config files) although read-only and with path traversal protection. Running this module grants powerful, potentially destructive access to the Magento instance via AI interaction.