server-mcp

The core MCP server application correctly utilizes environment variables for database credentials, which is good practice. However, the `docker-utils.sh` script, used for common operations, hardcodes default passwords ('mongopassword', 'mysqlrootpassword') when accessing the database shells (e.g., `mongosh -u admin -p mongopassword ...`). While the README advises users to update their `.env` file with strong credentials, this helper script does not reference those `.env` variables for shell access, creating a potential exposure if a user updates `.env` but forgets about the script's hardcoded defaults, or if the script itself is run in an insecure environment. Additionally, `curl` commands in `docker-utils.sh` hardcode `localhost` ports (8080, 3000) for health checks, which may not align with custom `MCP_SERVER_PORT` or `FRONTEND_PORT` values in `.env`.