readwise-mcp

The project demonstrates strong security practices: API keys are handled securely via environment variables or a local config file with restrictive permissions (0o600 for files, 0o700 for directory) and are not logged. All tool parameters undergo robust input validation using JSON Schema and custom functions to prevent common attacks. Destructive operations (e.g., delete, bulk actions) require explicit confirmation strings from the AI assistant as a human-in-the-loop safety mechanism. Built-in rate limiting and exponential backoff enhance resilience. Comprehensive error handling prevents sensitive data leakage. CORS is configurable to meet platform-specific requirements. No 'eval' or code obfuscation was detected. The primary implementation (`src/server.ts` and `src/smithery.ts`) relies on the `@modelcontextprotocol/sdk` for secure interaction. A minor potential concern is the presence of `simple-server.ts` and related files (which are explicitly excluded from the main build via `tsconfig.json`), as they might have less robust security compared to the main implementation if deployed incorrectly.