repo-reader-mcp
by ZebraRoy
Overview
Provides LLMs and agents with targeted and efficient access to specific parts of a repository, acting as a context management protocol.
Installation
npx -y repo-reader-mcp --name=my-repo --repo-path=https://github.com/user/repo --personal-token=your-token
Security Notes
The server has a critical ReDoS (Regular Expression Denial of Service) vulnerability in the `search` function (`src/utils/search.ts`). If the `regex` parameter is set to `true`, the user-provided `query` string is used directly to construct a regular expression without sanitization. An attacker could craft a malicious regex (e.g., `(a+)+b`) to cause catastrophic backtracking, leading to high CPU usage and a denial of service for the server. Additionally, while the `simple-git` library handles token insertion for various git hosts, passing `--personal-token` via CLI arguments means the token could be visible in process listings or logs, although this is common practice for CLI tools. The cloning of arbitrary repositories to a temporary directory could also pose risks if subsequent actions were to execute code from a malicious repo, but this server primarily reads files.
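A defensive version of the pattern construction described above, added here as an example; it is not code from repo-reader-mcp, and the function names (`buildSearchPattern`, `searchLines`), the `regex` flag semantics, the length cap and the sample lines are assumptions. In literal mode every metacharacter is escaped, so the query matches only itself; in regex mode the pattern is capped in length and a conservative heuristic rejects a quantified group that itself contains a quantifier (the `(a+)+b` shape the note cites) before `RegExp` is constructed.

```typescript
// Added example, not repo-reader-mcp's own code. Names and the meaning of the
// `regex` flag are assumptions based on the page's description of
// search(query, regex) in src/utils/search.ts.

const MAX_PATTERN_LENGTH = 200; // assumed cap; keeps the guards cheap to run

// A quantified group that itself contains a quantifier, e.g. "(a+)+" or "(\d+\s)*".
// Conservative heuristic for the common catastrophic-backtracking shape; it does
// not prove a pattern safe, so it belongs alongside a linear-time engine (RE2)
// or a timeout in a worker thread rather than replacing them.
const NESTED_QUANTIFIER = /\((?:[^()\\]|\\.)*[*+{](?:[^()\\]|\\.)*\)[*+{]/;

// Escape every regex metacharacter so the query is matched literally.
function escapeRegExp(query: string): string {
  return query.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Build the RegExp used by search. Literal mode escapes the query; regex mode
// rejects the pattern unless it passes the length and nesting guards.
function buildSearchPattern(query: string, regex: boolean): RegExp {
  if (query.length > MAX_PATTERN_LENGTH) {
    throw new Error(`query longer than ${MAX_PATTERN_LENGTH} characters`);
  }
  if (!regex) {
    return new RegExp(escapeRegExp(query), "i");
  }
  if (NESTED_QUANTIFIER.test(query)) {
    throw new Error("rejected regex: nested quantifiers can backtrack catastrophically");
  }
  try {
    return new RegExp(query, "i");
  } catch (err) {
    // Invalid user patterns become a clean error instead of an uncaught SyntaxError.
    throw new Error(`invalid regex: ${(err as Error).message}`);
  }
}

// Return the 1-based numbers of the lines that match the query.
function searchLines(lines: string[], query: string, regex: boolean): number[] {
  const pattern = buildSearchPattern(query, regex);
  const hits: number[] = [];
  lines.forEach((line, i) => {
    if (pattern.test(line)) hits.push(i + 1);
  });
  return hits;
}

// Constructed sample file contents so the example runs stand-alone.
const SAMPLE_LINES: string[] = [
  "const token = process.env.GITHUB_TOKEN; // (a+)+b appears literally here",
  "export function search(query: string, regex: boolean) {",
  "  // TODO: handle regex=true safely",
  "}",
];

console.log(searchLines(SAMPLE_LINES, "(a+)+b", false));            // literal mode: [1]
console.log(searchLines(SAMPLE_LINES, "regex\\s*=\\s*true", true)); // regex mode: [3]
try {
  searchLines(SAMPLE_LINES, "(a+)+b", true); // rejected before RegExp is built
} catch (err) {
  console.log((err as Error).message);
}
```

The guards run in a fixed order: the length check first, so the heuristic itself only ever sees short input, then the nesting check, then construction with the `SyntaxError` caught. Rejected queries surface as ordinary errors to the caller rather than as a stalled server.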
Similar Servers
github-mcp-server
The GitHub MCP Server enables AI agents, assistants, and chatbots to interact with GitHub's platform for repository management, issue/PR automation, CI/CD intelligence, code analysis, and team collaboration through natural language.
code-index-mcp
Intelligent code indexing and analysis for Large Language Models, enabling tasks such as code review, refactoring, documentation generation, debugging assistance, and architectural analysis.
octocode-mcp
The Octocode Research server enables AI agents to perform expert code forensics and deep-dive research across local filesystems (LSP, ripgrep, file I/O) and external GitHub repositories (code search, repo structure, pull requests, package search). It's optimized for architectural analysis, pattern discovery, and implementation planning.
Context-Engine
Self-improving code search and context engine for IDEs and AI agents, providing hybrid semantic/lexical search, symbol graph navigation, and persistent memory.