MCP-demo-CSCI-435
Verified Safe by Tetsukiba
Overview
Automates the end-to-end workflow from Figma design extraction and code generation, through SonarQube code quality analysis (with automated patching), to creating a GitHub Pull Request.
Installation
python sonar.py
Environment Variables
- GITHUB_TOKEN
- SONAR_BASE_URL
- SONAR_TOKEN
- SONAR_ORGANIZATION
- SONAR_PROJECT
Security Notes
The project correctly reads its sensitive tokens from environment variables and redacts secrets from log output. However, `sonar.py` launches `sonar-scanner` via `subprocess.Popen`. That is necessary for its functionality, but it is the point where externally influenced values (such as `project_key` or file contents) meet a child process: if the command were ever built as a single string and run with `shell=True`, shell metacharacters in those values would become command injection. The current implementation passes an argument list rather than a shell string, so each `-D` property reaches `sonar-scanner` as one argv element and no shell re-parses it, which mitigates the immediate shell injection concern. Two caveats remain for anyone extending the code: keep validating `project_key` against SonarQube's allowed key characters before it is used anywhere, and be aware that a token passed as `-Dsonar.token=...` on the command line is visible to other local users in the process list (`sonar-scanner` also accepts the token from the `SONAR_TOKEN` environment variable, which avoids that exposure).
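The following is an added example, not code from `sonar.py` or the project, showing the difference the note above describes: the same `project_key` handed to a child process as an argv list versus interpolated into a `shell=True` string, plus project-key validation and log redaction. The `scanner` parameter defaults to `echo` as a stand-in for the real `sonar-scanner` binary so it runs offline; the function and variable names are this example's own.

```python
"""Added example (not the project's code): safe vs unsafe launching of
sonar-scanner from Python, SonarQube project-key validation, and secret
redaction for logs.  `echo` stands in for the scanner binary."""
import re
import subprocess
from typing import List, Sequence

# SonarQube project keys allow letters, digits, '-', '_', '.', ':', need at
# least one non-digit, and are at most 400 characters.  The regex is this
# example's own encoding of that documented rule.
PROJECT_KEY_RE = re.compile(r"^(?=.*[^0-9])[A-Za-z0-9_.:-]{1,400}$")


def validate_project_key(key: str) -> str:
    """Reject anything that is not a legal project key before it reaches a
    subprocess, so shell metacharacters never get a chance to matter."""
    if not PROJECT_KEY_RE.fullmatch(key):
        raise ValueError(f"invalid SonarQube project key: {key!r}")
    return key


def build_scanner_argv(project_key: str, host_url: str, token: str,
                       sources: str = ".",
                       scanner: str = "sonar-scanner") -> List[str]:
    """argv list form: each -D property is one element and is never
    re-parsed by a shell, even if it contains ';' or '$(...)'."""
    validate_project_key(project_key)
    return [
        scanner,
        f"-Dsonar.projectKey={project_key}",
        f"-Dsonar.host.url={host_url}",
        f"-Dsonar.token={token}",
        f"-Dsonar.sources={sources}",
    ]


def run_argv(project_key: str, scanner: str = "echo") -> List[str]:
    """Safe launch (shell=False, list argv).  Deliberately skips validation
    to show that the list form alone already prevents command injection.
    Returns the child's stdout lines."""
    argv = [scanner, f"-Dsonar.projectKey={project_key}"]
    out = subprocess.run(argv, capture_output=True, text=True, check=True).stdout
    return out.splitlines()


def run_shell_string(project_key: str, scanner: str = "echo") -> List[str]:
    """Unsafe launch: the key is interpolated into one string that /bin/sh
    parses (shell=True).  Shown only to demonstrate the failure mode."""
    cmd = f"{scanner} -Dsonar.projectKey={project_key}"
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout
    return out.splitlines()


def redact(text: str, secrets: Sequence[str]) -> str:
    """Mask secret values (tokens) before a command line or error is logged."""
    for secret in secrets:
        if secret:
            text = text.replace(secret, "***REDACTED***")
    return text


if __name__ == "__main__":
    key = "demo; echo INJECTED"          # constructed malicious input
    print("argv form  :", run_argv(key))          # one line, key kept literal
    print("shell form :", run_shell_string(key))  # two lines: INJECTED ran
    argv = build_scanner_argv("demo:app", "https://sonar.example", "tok-secret")
    print("for logs   :", redact(" ".join(argv), ["tok-secret"]))
```

With the list form, the whole string `demo; echo INJECTED` arrives at the child as one argument; with `shell=True`, `/bin/sh` splits it and runs the second command. Validation is still worth keeping as defence in depth, since a malformed key fails fast locally instead of producing a confusing scanner error.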
Similar Servers
github-mcp-server
The GitHub MCP Server enables AI agents, assistants, and chatbots to interact with GitHub's platform for repository management, issue/PR automation, CI/CD intelligence, code analysis, and team collaboration through natural language.
figma-mcp-write-server
Enables AI agents to programmatically create, modify, and manage design elements and properties within Figma via the Model Context Protocol (MCP).
mcp-server-for-Github
Provides comprehensive GitHub workflow automation for AI-powered development teams, including Actions monitoring, advanced PR management, intelligent code search, and complete file management.
starReport
starReport is a Node.js tool for automatically generating and managing GitHub repository activity reports (stars, commits, issues), supporting MCP protocol, integrating large model AI analysis, and pushing reports to Feishu groups.