meds-mcp

The FastAPI server for the React interface enables CORS with `allow_origins=['*']`, which is a significant security risk for production deployments, as it allows any domain to access resources on the server. The system heavily relies on `secure-llm`, a private library that requires Stanford VPN connectivity and specific API credentials (`VAULT_SECRET_KEY`), placing a high dependency on a secured Stanford internal infrastructure and the library's unexamined implementation. MeiliSearch, used for faceted search, is expected to run locally; if it were exposed externally without authentication, it would pose a risk. The caching mechanism for the BM25 search index uses Python's `pickle`; while a content hash verifies the cache, untrusted cache data could theoretically lead to deserialization vulnerabilities if the hash or `bm25s` library were compromised. File operations for loading patient XMLs and managing cache directories appear to derive paths from controlled sources, mitigating path traversal risks. No direct `eval` or `exec` on unvalidated user input was found.