Ai-doctor

Critical security risks identified: The provided demo client (`mcp-client-demo`) has a hardcoded `QWEN_API_KEY`, which is a severe vulnerability for any deployment using that client. The `mcp-server` implements a `crawlWeb` tool that fetches content from a URL dynamically provided by the LLM. This introduces a risk of prompt injection, potentially leading the LLM to crawl malicious sites, exploit browser vulnerabilities in Playwright, or facilitate Server-Side Request Forgery (SSRF) if the Playwright instance is not properly isolated. Additionally, the `ai-doctor-server` uses `app.enableCors({ origin: '*' })` (allowing all origins), which is a security anti-pattern in production, potentially exposing the API to Cross-Site Request Forgery (CSRF) or other cross-origin attacks. While the `JSON.parse` calls are expected to handle LLM-generated tool arguments structured according to Zod schemas, a robust validation layer is crucial to prevent parsing arbitrary or malicious strings if schema bypasses were possible.