mcp-schema-server
Verified Safeby Prantick
Overview
Provides a zero-config framework for building Model Context Protocol (MCP) servers using a manifest file, enabling schema-driven tool, resource, and prompt exposure.
Installation
node dist/server.jsSecurity Notes
The server primarily communicates via standard I/O (StdioServerTransport), which limits external network attack surface. Input validation for tools is enforced using AJV against defined `inputSchema` in the manifest, a strong practice. However, error messages returned from handlers include the full `err.message`, which could potentially leak sensitive internal information if handlers are not careful about what they throw. Loading the `manifest.json` via `fs.readFileSync` could theoretically be a path traversal risk if the `manifestPath` input were user-controlled and not properly sanitized, though typical usage (e.g., `path.join(__dirname, "manifest.json")`) mitigates this.
Similar Servers
tmcp
A server implementation for the Model Context Protocol (MCP) to enable LLMs to access external context and tools.
frontmcp
The CodeCall plugin provides AgentScript-based meta-tools for orchestrating MCP tools, enabling programmatic discovery, description, execution, and invocation of server capabilities within a sandboxed JavaScript environment.
mcp-kit
A CLI tool for scaffolding new Model Context Protocol (MCP) applications, including MCP Servers and Clients.
template-mcp-server
Provides a CLI tool and template to quickly get started building a Model Context Protocol (MCP) server using FastMCP, supporting both stdio and HTTP transports.