remote-mcp-server-authless
by ahump20
Overview
Deploys an unauthenticated Model Context Protocol (MCP) server to Cloudflare Workers, providing a calculator agent and a file reading tool for AI clients.
Installation
wrangler devEnvironment Variables
- OAUTH_KV
- MCP_OBJECT
- ASSETS
Security Notes
The 'read_file' tool in 'src/index.ts' allows fetching content from arbitrary URLs without any input validation or domain restrictions on the 'path' parameter. This constitutes a severe Server-Side Request Forgery (SSRF) vulnerability. An attacker could exploit this to access internal network resources, perform port scanning, interact with cloud metadata APIs to retrieve sensitive credentials, or make the worker perform requests to external malicious sites, potentially aiding in DDoS attacks or data exfiltration. This is a critical security risk.
Similar Servers
axone-mcp
Acts as a gateway for AI-powered tools (like Claude) to interact with the Axone blockchain's dataverse via the Model-Context Protocol (MCP), primarily to retrieve governance code for resources.
MCP-SERVER
Provides an MCP server for automated data analysis workflows including loading datasets, cleaning data, sentiment analysis, clustering, topic extraction, and generating comprehensive reports with visualizations for an AI client.
remote-mcp-server-authless
Deploys an authentication-less Model Context Protocol (MCP) server on Cloudflare Workers, exposing basic calculator tools for AI models or clients.
remote-mcp-server-authless
Deploys an unauthenticated Model Context Protocol (MCP) server with basic calculator tools on Cloudflare Workers for AI agent integration.