mcp-servers-test
by Vid-Juric
Overview
This repository serves as a test suite for validating MCP (Model Context Protocol) configuration discovery and vulnerability scanning tools.
Installation
npx -y 4oimage-mcp
Environment Variables
- ALIBABA_CLOUD_ACCESS_KEY_ID
- ALIBABA_CLOUD_ACCESS_KEY_SECRET
- API_KEY
- AWS_SECRET_ACCESS_KEY
- AWS_ACCESS_KEY_ID
- AWS_REGION
- FIRECRAWL_API_KEY
- CONTEXT7_API_KEY
Security Notes
The repository's configuration files define multiple MCP servers, many of which involve executing third-party npm packages (e.g., '4oimage-mcp', 'abp-io-mcp-server', '@agent-infra/mcp-server-browser', '@upstash/context7-mcp') or a Docker image ('ashgw/s3-mcp:latest'). Crucially, one configuration directly specifies running a package from a GitHub URL ('github:hongsw/aligo-sms-mcp-server'), which is a significant security risk as it allows arbitrary code execution from an unverified source. Furthermore, while API keys and secrets are represented by placeholders (e.g., 'YOUR_API_KEY', 'your_access_key'), the configuration structure encourages direct embedding of sensitive credentials, posing a risk for misconfiguration if not properly managed. The use of 'powershell' to execute a local '.ps1' script also carries risk if the script's content is not fully audited. No obfuscation or 'eval' statements were explicitly found within the truncated source code.
Similar Servers
mcp-watch
A comprehensive security scanner for Model Context Protocol (MCP) servers, detecting various vulnerabilities in their implementations.
mcp-audit
Security audit and governance for AI agent configurations (MCPs) in development environments and GitHub repositories.
mcp-security-scanner
A Python-based penetration testing tool designed to scan and identify vulnerabilities in Model Context Protocol (MCP) servers.
mcp-jest
A testing framework for Model Context Protocol (MCP) servers, allowing automated validation of AI agent tools, resources, and prompts.