dotty-mcp
by Linyxus
Overview
A Model Context Protocol (MCP) server for interacting with and developing the Scala 3 compiler via SBT.
Installation
uvx dotty-mcpSecurity Notes
CRITICAL: The server is vulnerable to command injection. The `scalac` and `testCompilation` tools construct SBT commands using user-provided arguments (`file`, `options`, `pattern`) and directly send them to an underlying `sbt` shell process via `pexpect.sendline()`. An attacker capable of controlling these arguments can inject and execute arbitrary shell commands on the host system where `dotty-mcp` is running (e.g., `scalac("; rm -rf /;", [])`). This represents a severe remote code execution vulnerability.
Similar Servers
chimp
Builds Model Context Protocol (MCP) servers in Scala 3, exposing type-safe tools over a JSON-RPC HTTP API.
mcp-jest
A testing framework for Model Context Protocol (MCP) servers, allowing automated validation of AI agent tools, resources, and prompts.
mcp-maintainer-toolkit
This server provides a Model Context Protocol (MCP) interface with various tools and resources designed to assist in maintaining, testing, and developing MCP repositories and clients.
mcp-client-server
A specialized Model Context Protocol (MCP) server designed to act as a testing harness for developing and iterating on other MCP servers within a Claude AI environment.