pa_agent
by amanzoni1
Overview
A comprehensive personal assistant conversational agent providing RAG, web search, financial data, and personal memory capabilities.
Installation
docker compose up -d
Environment Variables
- REDIS_URI
- POSTGRES_URI
- OPENAI_API_KEY
- PINECONE_API_KEY
- PINECONE_ENV
- TAVILY_API_KEY
- COINMARKETCAP_API_KEY
Security Notes
CRITICAL VULNERABILITIES: The `save_uploaded_file` tool passes a user-provided `filename` directly to `pathlib.Path(filename).expanduser().resolve()`. This allows arbitrary file write and path traversal, enabling an attacker to overwrite critical system files or write malicious content to arbitrary locations. The `extract_tables` tool uses `tabula-py`, which executes a Java process, potentially opening a remote code execution (RCE) vector if untrusted PDF files are processed. Additionally, `npx @shinzolabs/coinmarketcap-mcp` runs an external Node.js package via the `stdio` transport, introducing a dependency on a third-party executable which could have its own vulnerabilities. Relying on the LLM's 'good behavior' to prevent malicious tool arguments is insufficient.
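A containment check for the `save_uploaded_file` issue described above, as an added example that is not the project's own code. `UPLOAD_ROOT`, `unsafe_target`, `safe_target` and `save_upload` are hypothetical names, and the dedicated upload directory is an assumption.

```python
import os
import tempfile
from pathlib import Path

# Hypothetical upload directory; the project's real layout is not shown on the page.
UPLOAD_ROOT = Path(tempfile.mkdtemp(prefix="uploads_")).resolve()


def unsafe_target(filename: str) -> Path:
    """The pattern described above: the caller fully controls the result."""
    return Path(filename).expanduser().resolve()


def safe_target(filename: str, root: Path = UPLOAD_ROOT) -> Path:
    """Accept only a single path component and keep it inside root."""
    # Treat Windows separators like POSIX ones, then take the last component.
    name = Path(filename.replace("\\", "/")).name
    if name != filename or name in ("", ".", "..") \
            or name.startswith("~") or "\x00" in name:
        raise ValueError(f"rejected filename: {filename!r}")
    candidate = (root / name).resolve()
    # resolve() follows symlinks, so re-check containment after resolving.
    if candidate.parent != root:
        raise ValueError(f"path escapes upload root: {filename!r}")
    return candidate


def save_upload(filename: str, data: bytes, root: Path = UPLOAD_ROOT) -> Path:
    """Write data under root, refusing to overwrite or follow a symlink."""
    target = safe_target(filename, root)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(target, flags, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target
```

Because the check runs in the tool itself, it holds whatever arguments the model passes.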
Similar Servers
5ire
An Electron-based AI Assistant client that connects to and manages various LLM providers and Model Context Protocol (MCP) servers, offering tools, prompts, and knowledge base functionalities.
context-portal
Manages structured project context as a knowledge graph for AI assistants and developer tools within IDEs, enabling Retrieval Augmented Generation (RAG) and prompt caching.
Little_MCP
A local AI assistant leveraging Retrieval-Augmented Generation (RAG) and multi-tool agents for document Q&A, real-time information, and SQL database interaction.
mcp-technical-analysis
A comprehensive Model Context Protocol (MCP) server that bridges AI assistants with professional cryptocurrency market analysis capabilities, real-time market data, technical analysis, and Hyperliquid trading execution.