alibabacloud-ack-mcp-server

The server correctly handles sensitive credentials by reading them from environment variables or command-line arguments, rather than hardcoding them. It also implements checks in `kubectl_handler.py` to prevent write operations and interactive commands in read-only mode, which is a good security practice. However, the `subprocess.run` and `subprocess.Popen` calls in `kubectl_handler.py` use `shell=True`. While the command string is constructed with the kubeconfig path and the provided command, using `shell=True` with user-controlled input (even if pre-processed by an LLM) can introduce shell injection vulnerabilities if the input is not perfectly sanitized. The current `is_write_command` and `is_interactive_command` functions are based on simple string checks, not robust command parsing, which leaves a potential attack surface. The file management for temporary kubeconfigs in `~/.kube` is reasonable, with cleanup mechanisms in place.