MCP-test
by Storm00212
Overview
Provides a futuristic terminal-like interface for an MCP server to launch applications, perform RAG queries on class notes, and integrate with engineering software.
Installation
node src/index.jsEnvironment Variables
- OPENAI_API_KEY
Security Notes
CRITICAL security risks identified. The server heavily relies on `child_process.exec` to launch applications and execute commands (e.g., `open_proteus`, `open_matlab`, `execute_git_bash_command`). User-provided input for parameters like `filePath`, `args`, and `command` is directly concatenated into shell commands without apparent sanitization, making the server highly vulnerable to remote code execution (RCE) via command injection. Furthermore, the Electron frontend (electron-app/src/main.js) uses `nodeIntegration: true` and `contextIsolation: false`, which are deprecated and insecure Electron settings, giving the renderer process direct access to Node.js APIs and the ability to invoke highly privileged MCP tools with malicious arguments. This combination presents an extremely high security risk.
Similar Servers
wcgw
Empowering chat applications to code, build, and run on your local machine by providing tightly integrated shell and code editing tools.
seline
A backend API server for managing and executing ComfyUI workflows, capable of dynamically generating API endpoints for workflows, building Docker containers for custom nodes and models, and providing an execution queue. It integrates with the Model Context Protocol (MCP) to expose its capabilities to client applications.
MCP-Dandan
Integrated monitoring service for MCP (Model Context Protocol) communications that detects and blocks security threats in real time, featuring an Electron-based desktop UI for management.
autosteer
An AI-powered desktop application (AutoSteer) designed to assist developers with coding, project management, and integrating various development tools. It provides a conversational interface with AI agents, manages projects as Git worktrees, offers an integrated terminal, Git changes viewer, and advanced tab management for session isolation and persistence. It also integrates with Multi-Cloud Platform (MCP) servers for extended functionality.