ashen-mcp-server
by JJAMAWAVE
Overview
The server provides a Meta-Controller Protocol (MCP) compliant API to interact with local Ollama language models, offering text analysis, arbitrary model calls, and file summarization capabilities.
Installation
python mcp_server.pyEnvironment Variables
- PORT
Security Notes
CRITICAL COMMAND INJECTION VULNERABILITY: The server uses `subprocess.run` and `subprocess.check_output` to execute the `ollama` CLI tool. Parameters like `model` and `prompt` are taken directly from user-supplied RPC requests without apparent sanitization, making the server highly vulnerable to command injection. A malicious user could craft inputs to execute arbitrary commands on the host system (e.g., via the `call_ollama` or `analyze_text` methods). Additionally, `summarize_file` allows reading arbitrary file paths, although existence is checked, it still poses a potential information disclosure risk if combined with command injection to execute other tools.
Similar Servers
Test_Remote_MCP-Server
A Python-based server application designed for remote access, likely implementing a Message Control Protocol (MCP) or similar custom service.
mcp-python-server
Provides a server implementation using Python, likely for a specific protocol or game environment (e.g., Minecraft Coder Pack) based on the 'MCP' naming convention.
Meta-MCP-Server
Dynamically create and manage specialized child MCP servers from templates or scripts, orchestrating their execution to accomplish complex tasks, primarily for AI clients.
fusion-mcp
An MCP server for Autodesk Fusion 360 to manage CAD data, export designs, automate tasks via Design Automation, and handle webhooks.