academia_mcp

The `compile_latex` tool allows compilation of LaTeX code from files within the `WORKSPACE_DIR`. If an attacker can control the content of these LaTeX files, they could potentially execute arbitrary system commands via LaTeX's `\write18` feature or similar mechanisms, leading to remote code execution. The `visit_webpage` tool can fetch content from arbitrary URLs, which could pose a Server-Side Request Forgery (SSRF) risk if not used carefully, though this is an intended feature. PDF parsing/downloading also introduces risks if processing malicious PDF files. The optional token-based authentication stores tokens in plaintext in `tokens.json` (mode 600), which requires careful protection of the file itself and use over HTTPS.