mcpManager
by SeanAtsatt
Overview
A system for dynamically managing Model Context Protocol (MCP) servers in Claude Code, providing per-project configurations, profile management, and discovery of new MCPs from the Docker catalog.
Installation
./scripts/run.sh
Security Notes
The system is vulnerable to remote code execution (RCE) via shell injection. MCP commands defined in 'registry.json' (especially those discovered from external catalogs) are constructed using `print(' '.join(cmd))` in Python scripts and then directly executed within shell scripts. If a malicious MCP entry provides a crafted 'command' array (e.g., `["ls", "-l; rm -rf /"]`), it would lead to arbitrary command execution when applied. Additionally, the 'mcp-helpers.sh' script is intended to be sourced into the user's shell, broadening the attack surface if the script itself or its dependencies are compromised. The direct deletion of local settings files by '/project-update' is also a potential risk if its verification is flawed.
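The join pattern described above, next to a quoted form, as an added example (not code from mcpManager). The function names and the registry entry layout are assumptions made for illustration; the 'command' array is the one quoted in the note, and nothing is executed.

```python
import shlex

# Constructed registry entry; only the 'command' array comes from the note above.
ENTRY = {"name": "example-mcp", "command": ["ls", "-l; rm -rf /"]}

# Shell control operators that end one command and start another.
OPERATORS = {";", "&", "&&", "|", "||"}


def render_unsafe(cmd):
    """The pattern from the note: arguments joined with bare spaces."""
    return " ".join(cmd)


def render_safe(cmd):
    """Quote every argument so the shell reads each one as a single word."""
    if not cmd or not all(isinstance(a, str) and "\0" not in a for a in cmd):
        raise ValueError("command must be a non-empty list of strings")
    return shlex.join(cmd)


def commands_seen_by_shell(line):
    """Approximate how a POSIX shell splits `line` into separate commands.

    Nothing is executed. shlex does not model $(...) or backticks, so this
    illustrates the separator problem; it is not a full shell parser.
    """
    lexer = shlex.shlex(line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for token in lexer:
        if token in OPERATORS:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(token)
    if current:
        commands.append(current)
    return commands


if __name__ == "__main__":
    for render in (render_unsafe, render_safe):
        line = render(ENTRY["command"])
        print(f"{render.__name__}: {line!r} -> {commands_seen_by_shell(line)}")
```

Quoting only keeps an argument from being reinterpreted as shell syntax; the executable named in a catalog-supplied entry is still chosen by whoever wrote the entry. Where the shell step can be dropped, passing the array straight to the process API as an argument list avoids the parsing problem entirely.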
Similar Servers
claude-code-subagents-collection
Provides a command-line interface to browse, install, manage, and verify Claude Code subagents, commands, and external MCP (Model Context Protocol) servers, facilitating local and project-level configuration for development workflows.
mcp-manager
A web GUI to easily manage and configure Model Context Protocol (MCP) servers for the Claude Desktop app on macOS, generating terminal commands for installation and setup.
mcpick
Dynamically manages MCP server configurations for Claude Code to optimize context usage and performance, offering interactive control over server enablement, backups, and profiles.
consult-llm-mcp
An MCP server that allows an AI agent (Claude Code) to consult more powerful external AI models for code analysis, debugging, and review, providing relevant files and git diffs as context.