ansible-network-mcp

CRITICAL: The `install.sh` script creates `group_vars/qfx_switches.yml` with hardcoded default credentials (`ansible_user: root`, `ansible_password: Admin123_`). This is a severe security risk, as these are exposed and may be forgotten. Users are strongly advised to change these immediately and consider Ansible Vault for sensitive data. CRITICAL: The server explicitly sets `ANSIBLE_HOST_KEY_CHECKING=False` in its subprocess calls and recommends it in `ansible.cfg` and Claude Desktop configuration. This disables host key verification, making it vulnerable to Man-in-the-Middle (MITM) attacks during SSH/NETCONF connections. POSITIVE: Input sanitization functions (`sanitize_input`, `sanitize_filename`) and path traversal checks (`safe_path_join`, `full_path.startswith(ANSIBLE_DIR)`) are implemented, which helps mitigate command injection and file system access vulnerabilities within the tool's operations. File operations are restricted to the configured Ansible directory.