n1ght-mcp
by NightHammer1000
Overview
Developer toolkit enhancing AI agents with data manipulation, AI delegation, and semantic search capabilities via the Model Context Protocol.
Installation
npx tsx app.tsEnvironment Variables
- MODULES
- CUSTOM_API_KEY
Security Notes
CRITICAL RISK: The `n1ght_data_*` tools accept `filePath` as a direct input parameter, which is then used in `fs.readFile` and `fs.writeFile` operations without explicit path sanitization or containment checks (e.g., ensuring `filePath` is within `process.cwd()`). This creates a path traversal vulnerability, allowing a malicious AI agent to potentially read from or write to arbitrary locations on the host file system (e.g., `../../etc/passwd`). While the `gemini` and `codex` CLI calls escape prompts before passing them to `spawn` with `shell: true`, the general use of `shell: true` can still introduce risks if underlying CLI tools have their own vulnerabilities or if argument handling is not perfectly robust. Additionally, downloading binary models from HuggingFace (`node-llama-cpp`) introduces a supply chain risk, as a compromised model could execute malicious code.
Similar Servers
gemini-mcp-server
An MCP server providing a suite of 7 AI-powered tools (Image Gen/Edit, Chat, Audio Transcribe, Code Execute, Video/Image Analysis) powered by Google Gemini, featuring a self-learning "Smart Tool Intelligence" system for prompt enhancement and user preference adaptation.
claude-power-pack
Provides distributed locking and session coordination for Claude Code sessions via Redis, preventing conflicts during concurrent development activities.
AI-Prompt-Guide-MCP
Orchestrates AI agents for project management and development workflows by linking structured markdown specifications and tasks.
ai-control-framework
AI-powered development workflow management and prompt optimization, enforcing disciplined software development practices for AI coding agents.