hr-policy-mcp
by abneetwats24
Overview
Provides HR policy documents and basic math tools as authenticated Model Context Protocol (MCP) resources for consumption by AI agents.
Installation
docker compose up --buildEnvironment Variables
- MCP_HOST
- MCP_PORT
- MCP_PATH
- MATH_MCP_PATH
- HR_POLICY_MCP_PATH
- LOG_LEVEL
- OAUTH_ISSUER_URL
- MCP_REQUIRED_SCOPE
- OAUTH_CLIENT_ID
- OAUTH_CLIENT_SECRET
Security Notes
The server uses `httpx.AsyncClient(verify=False)` when performing OAuth2 token introspection, which disables SSL/TLS certificate validation. This is a critical security vulnerability for production environments, making it susceptible to Man-in-the-Middle (MITM) attacks. Additionally, the `CORSMiddleware` is configured with `allow_origins=["*"]`, which is overly permissive and insecure for production. While basic SSRF protection is implemented for the introspection endpoint, it relies on a hardcoded whitelist of local IP ranges, which may not be comprehensive. No hardcoded secrets were found, as client credentials are expected via environment variables.
Similar Servers
mcp-servers
A curated collection of Model Context Protocol (MCP) server configurations to integrate various developer tools and services with AI agents.
mcp-python-starter
A feature-complete Model Context Protocol (MCP) server template in Python for developing AI applications and agents.
keycloak-mcp
Manages Keycloak users, realms, clients, roles, and groups through a standardized Model Context Protocol (MCP) interface for AI agents.
scalekit-mcp-server
This server enables AI agents to interact with Scalekit's identity platform through the Model Context Protocol (MCP) for natural language identity management.