xhs-mcp-server

Verified Safe

by IChouChiang

Overview

A full-stack AI Agent system for automating social media tasks, specifically Xiaohongshu (XHS). It provides a Canva-like visual editor and an AI Assistant chat box to design, modify, and publish posts across various platforms.

Installation

Run Command
cd backend && python agent_server.py

Environment Variables

  • OPENAI_API_KEY
  • APP_ENV
  • LLM_API_KEY
  • LLM_MODEL
  • LLM_BASE_URL
  • BACKEND_STORAGE_PATH
  • MCP_PINTEREST_TOKEN
  • MCP_PLATFORM_TOKEN
  • DEFAULT_RESEARCH_PLATFORM

Security Notes

The system heavily relies on browser automation and script injection via the MCP (Model Context Protocol) bridge. This inherently involves high privileges and potential risks if not configured securely. Key concerns include:

  1. Hardcoded MCP Bridge Path: The path to `mcp-server-stdio.js` is hardcoded in Python scripts, requiring manual adjustment by the user. An incorrect or malicious path could lead to arbitrary code execution in the controlled browser.
  2. Session Injection: `auth.json` (containing browser cookies and localStorage) is injected into the browser. If this file is compromised or contains malicious scripts, it could lead to XSS-like vulnerabilities in the controlled browser.
  3. Script Injection Tools: Functions like `inject_session` and `extract_images_from_page` explicitly inject JavaScript into the browser. While these seem controlled internally, any vulnerability in how user inputs are handled by these injection points could be exploited.

Overall, the system's power to control a browser requires strict adherence to security best practices during setup and operation. The reliance on local configuration files (`auth.json`, `searcher_api.txt`) that are not committed to source control is a good practice.

Stats

  • Interest Score: 0
  • Security Score: 6
  • Cost Class: Medium
  • Avg Tokens: 2000
  • Stars: 0
  • Forks: 0
  • Last Update: 2025-11-30

Tags

AI Agent, Social Media Automation, Xiaohongshu, Next.js, FastAPI, LangGraph, Browser Automation, MCP, Visual Editor, AI Assistant, TypeScript, Python, DeepSeek, AiHubMix