rag-mcp-server
Verified Safeby Scarmonit
Overview
Provides semantic document search and management capabilities as a Model Context Protocol (MCP) server.
Installation
python -m rag_server.serverEnvironment Variables
- RAG_DB_PATH
- RAG_COLLECTION
Security Notes
The `ingest_file` tool allows reading arbitrary local files based on a user-provided path. While `path.resolve()` helps prevent simple path traversal, it does not prevent access to any file the server process has read permissions for (e.g., `/etc/passwd`). The `ingest_url` tool allows fetching content from arbitrary URLs, which could be exploited for Server-Side Request Forgery (SSRF) if the server is deployed in a sensitive network. There are no obvious hardcoded secrets, obfuscation, or direct use of `eval` or `exec`. The risks are primarily due to the nature of the ingestion tools if the server is exposed or run with excessive permissions.
Similar Servers
context-portal
Manages structured project context for AI assistants and developer tools, enabling Retrieval Augmented Generation (RAG) and prompt caching within IDEs.
concept-rag
This MCP server provides conceptual search, document analysis, and library exploration capabilities over a knowledge base using LanceDB and LLM-based concept extraction.
mcp-neo4j-graphrag
Extends Neo4j with vector search, fulltext search, and search-augmented Cypher queries to build powerful GraphRAG applications.
the-pensieve
The Pensieve server acts as a RAG-based knowledge management system, allowing users to store, query, and analyze their knowledge using natural language and LLM-powered insights.