mcp-conformance-action
Verified Safe, by SamMorrowDrums
Overview
A GitHub Action for detecting changes to Model Context Protocol (MCP) server public interfaces by comparing API responses between branches.
Installation
node dist/index.js
Environment Variables
- GITHUB_REF
- INPUT_ENV_VARS (environment variables passed to the MCP server under test)
Security Notes
This project is a GitHub Action that runs user-supplied shell commands to install, build, and start an MCP server under test. The command inputs (`install_command`, `build_command`, `start_command`, `pre_test_command`, `post_test_command`, `http_start_command`) are passed to `sh -c` or `spawn` with no input sanitization in the action's source. That is the usual pattern for an action that runs user scripts, but it means the action itself provides no safeguard against command injection: the safety of a run depends entirely on the trustworthiness of the workflow definition and of whatever the workflow feeds into those inputs. The risk becomes concrete when a workflow interpolates values that an untrusted pull-request author controls (branch names, PR titles, commit messages, via `${{ ... }}` expressions) into one of these inputs, and is most severe under triggers such as `pull_request_target` where repository secrets are available. Keep the command inputs as fixed strings in the workflow file, pass any dynamic values through `env:` and reference them as quoted shell variables instead of splicing them into the command string, and review changes to the workflow file as carefully as code changes. This project is not an MCP server itself, but a tool for testing them.
Similar Servers
mcp-servers
A curated collection of Model Context Protocol (MCP) server configurations to integrate various developer tools and services with AI agents.
git-mcp-server
A Model Context Protocol (MCP) server that provides Git-specific tools and resources for AI/LLM agents to interact with version control systems.
gh-mcp
A GitHub CLI extension to seamlessly run the github-mcp-server in a Docker container using existing `gh` authentication.
mcp-jest
A testing framework for Model Context Protocol (MCP) servers, allowing automated validation of AI agent tools, resources, and prompts.