Krypton.Carevo.JMR.MCP
by VinaSundar-Nat
Overview
Implements a Model Context Protocol (MCP) server for managing job listings, views, and database operations using MongoDB.
Installation
python servers/jmr-svc/src/main.pyEnvironment Variables
- ENV
- MONGO_URI
- MONGO_USERNAME
- MONGO_PASSWORD
- MONGO_DB
- API_ENDPOINT
- MCP_TRANSPORT
- ORIGINS
- DEV_SECRET_ARN
- PROD_SECRET_ARN
Security Notes
The server's 'local' configuration in `config.py` has critical security vulnerabilities: 1) It hardcodes a MongoDB password ('$ccat0.Nest'), which is highly insecure. 2) It sets CORS `allow_origins` to `['*']`, which permits requests from any domain, making the API vulnerable to cross-site scripting (XSS) and other attacks if deployed without changes. For 'development' and 'production' environments, `DEV_SECRET_ARN` and `PROD_SECRET_ARN` are empty strings, meaning secrets will not be fetched from AWS Secrets Manager unless these ARNs are configured, potentially leading to connection failures or insecure defaults if the application attempts to connect without a password.
Similar Servers
mongodb-mcp-server
Provides a robust AI agent interface for interacting with MongoDB databases and MongoDB Atlas cloud services, enabling tool-calling for data management, monitoring, and search operations.
toolhive-registry-server
The central metadata hub for enterprise Model Context Protocol (MCP) server governance and discovery, implementing the official MCP Registry API specification.
mcp-compose
This server provides a robust example of OAuth2 authentication for MCP (Model Context Protocol) servers, using GitHub as the identity provider. It demonstrates secure multi-server management, protocol translation, and integration with AI agents for tool invocation.
mcp-servers
Provides current weather conditions and forecasts from the Open-Meteo API for a given geographical location.