onboarded-mcp
by OnboardedInc
Overview
An MCP server enabling AI assistants to interact with the Onboarded platform's APIs, manage entity state, and optionally access local repository files.
Installation
node dist/index.jsSecurity Notes
CRITICAL VULNERABILITY: The `src/lib/keychain.ts` file uses `child_process.execSync` to run a shell command. The `profile` variable, which is user-controlled input from tool arguments, is directly embedded into the shell command string without sanitization or proper escaping. This creates a shell injection vulnerability (e.g., `profile='myprofile" -d arbitrary-command-injection; echo "'`), allowing an attacker to execute arbitrary commands on the host system where the MCP server is running. While there are path traversal checks for repository tools, this Keychain interaction flaw is severe.
Similar Servers
mcp-servers
An MCP server for managing files in Google Cloud Storage, supporting CRUD operations (save, get, search, delete) and exposing files as resources.
infobip-openapi-mcp
Exposes any OpenAPI documented HTTP API as a Model Context Protocol (MCP) server for AI agents, with support for mock mode and authentication.
mcp-helm
Provides a Model Context Protocol (MCP) server for AI assistants to interact with Helm repositories and charts without requiring a local Helm installation.
openapi-mcp-server
Converts OpenAPI specifications into Model Context Protocol (MCP) tools, enabling AI assistants to interact with APIs.