smart-pointment
by Kakuritsu95
Overview
Manages appointments and provides personal information (Thodoris's schedule and details) via a Model Context Protocol (MCP) server, integrated with an AI model.
Installation
cd mcp-server && mvn spring-boot:run
Environment Variables
- APP_PORT
- MCP_SERVER_URL
- OLLAMA_URL
- OLLAMA_MODEL
Security Notes
- CSV Injection Vulnerability: The `CSVScheduleService` directly writes user-provided 'reason' into a CSV file without sanitization. If this CSV is subsequently consumed by a vulnerable client (e.g., a spreadsheet application), a malicious 'reason' (e.g., starting with '=', '+', '-', or '@') could trigger formula injection, potentially leading to arbitrary command execution on the client's machine.
- Prompt Injection Risk: The `mcp-client` utilizes an LLM (Ollama) to interpret user queries and invoke tools (`ScheduleInfoTools.doAppointment`). This introduces a risk where a sophisticated attacker could craft inputs to manipulate the LLM into making unintended tool calls or extracting sensitive information.
- Open CORS Policy: The `mcp-client` enables CORS for all origins (`app.use(cors())`), which is overly permissive for production and could expose the API to unwanted cross-origin requests.
- No `eval` or blatant obfuscation was found.
- No obvious hardcoded secrets in the provided code.
Similar Servers
qtmcp
Provides a Model Context Protocol (MCP) server framework for AI applications, offering tool, resource, and prompt services via HTTP.
gcal-mcp-server
Provides intelligent Google Calendar integration, event management, and scheduling capabilities through a standardized Model Context Protocol (MCP) interface for AI assistants.
qinglong-mcp-server
This is a Model Context Protocol (MCP) server for querying and executing scheduled tasks in Qinglong Panel.
own-planner
An AI-powered personal planning assistant that allows users to manage tasks and notes through conversational commands using a chat interface.