qwed-mcp
by QWED-AI
Overview
Provides deterministic verification tools for LLM outputs to enhance trustworthiness in mathematical calculations, logical reasoning, code safety, and SQL queries.
Installation
qwed-mcpSecurity Notes
The `verify_math_expression` function, which accepts mathematical expressions and claimed results directly from LLMs, utilizes SymPy's `parse_expr`. `parse_expr` is a known vector for remote code execution if supplied with malicious input, as it can be used to execute arbitrary Python code (e.g., via `__import__`). Although a `local_dict` is passed, it does not fully mitigate this risk, making the server vulnerable when processing untrusted mathematical expressions. The `verify_code` and `verify_sql` engines are designed for security detection, which is positive, but the math engine poses a critical vulnerability.
Similar Servers
mcp-interviewer
A Python CLI tool to evaluate Model Context Protocol (MCP) servers for agentic use-cases, by inspecting capabilities, running functional tests, and providing LLM-as-a-judge evaluations.
text2sim-MCP-server
The Text2Sim MCP Server enables Large Language Models (LLMs) to create, validate, and execute complex Discrete-Event Simulation (DES) and System Dynamics (SD) models through a natural language interface, providing comprehensive analytics and iterative model development capabilities.
Mcpwn
Automated security testing framework for Model Context Protocol (MCP) servers, detecting RCE, path traversal, prompt injection, and protocol vulnerabilities.
sysdig-mcp-server
Serves as a Model Context Protocol (MCP) server, enabling Large Language Models (LLMs) to query and interact with the Sysdig Secure platform for security events and Kubernetes metrics.