pa_agent
by amanzoni1
Overview
A conversational AI agent providing retrieval-augmented generation, long/short-term memory, and tool integrations including a CoinMarketCap (MCP) server for financial queries.
Installation
docker compose up -d
Environment Variables
- OPENAI_API_KEY
- LANGSMITH_API_KEY
- REDIS_URI
- POSTGRES_URI
- PINECONE_API_KEY
- TAVILY_API_KEY
- COINMARKETCAP_API_KEY
Security Notes
The system includes a `save_uploaded_file` tool that writes arbitrary base64-encoded content to any caller-specified filename, making it highly vulnerable to arbitrary file write, which can lead to remote code execution or system compromise if the tool is not sandboxed. It also executes an external `npx` command to launch the CoinMarketCap MCP server; although this is invoked for one specific tool, it introduces a potential command injection vector if its arguments are not strictly sanitized. Several tools (`web_fetch`, `index_docs`, `summarise_file`, `extract_tables`, `ocr_image`) download and process content from user-provided URLs, posing risks such as SSRF, denial of service via large files, and exploitation of vulnerabilities in the parsing libraries. There is no clear indication of sandboxing or resource limiting for any of these operations.
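As an added example (not pa_agent's own code), this is a hardened replacement for the file-write tool described above: the file name is restricted to a bare allow-listed name, the decoded size is capped, the resolved path is checked to stay inside one upload directory, and existing files are never overwritten. The upload root, size cap and extension allow-list are assumptions chosen for the example.

```python
import base64
import binascii
import os
import re
from pathlib import Path

# Assumed settings for this hypothetical hardened tool (not pa_agent's values).
UPLOAD_ROOT = Path(os.environ.get("PA_UPLOAD_ROOT", "/tmp/pa_agent_uploads"))
MAX_BYTES = 5 * 1024 * 1024
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")
ALLOWED_SUFFIXES = {".txt", ".md", ".pdf", ".csv", ".png", ".jpg"}


def safe_filename(name: str) -> str:
    """Accept only a bare file name: no path separators, no '..', no leading
    dot, and an allow-listed extension. Raises ValueError otherwise."""
    if not SAFE_NAME.fullmatch(name) or ".." in name:
        raise ValueError(f"rejected file name: {name!r}")
    if Path(name).suffix.lower() not in ALLOWED_SUFFIXES:
        raise ValueError(f"rejected extension: {name!r}")
    return name


def decode_upload(b64_content: str) -> bytes:
    """Strictly decode base64 and enforce the size cap before touching disk."""
    try:
        # validate=True rejects non-alphabet characters instead of skipping them
        data = base64.b64decode(b64_content, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("content is not valid base64") from exc
    if len(data) > MAX_BYTES:
        raise ValueError(f"upload exceeds {MAX_BYTES} bytes")
    return data


def resolve_target(name: str, root: Path = UPLOAD_ROOT) -> Path:
    """Build the destination path and confirm it is still inside root
    (guards against symlinked names even after the name check)."""
    target = (root / safe_filename(name)).resolve()
    if root.resolve() not in target.parents:
        raise ValueError("resolved path escapes the upload directory")
    return target


def save_uploaded_file(name: str, b64_content: str) -> Path:
    """Hardened tool entry point: validate everything, then write once."""
    data = decode_upload(b64_content)
    target = resolve_target(name)
    UPLOAD_ROOT.mkdir(parents=True, exist_ok=True)
    # O_EXCL refuses to overwrite an existing file; mode 0o600 keeps it private
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target
```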
Similar Servers
5ire
A desktop AI assistant client that integrates with various LLM providers and connects to Model Context Protocol (MCP) servers for extended tool-use and knowledge base capabilities.
context-portal
Manages structured project context for AI assistants and developer tools, enabling Retrieval Augmented Generation (RAG) and prompt caching within IDEs.
Little_MCP
A local AI assistant leveraging Retrieval-Augmented Generation (RAG) and multi-tool agents for document Q&A, real-time information, and SQL database interaction.
mcp-technical-analysis
A comprehensive Model Context Protocol (MCP) server that bridges AI assistants with professional cryptocurrency market analysis capabilities, real-time market data, technical analysis, and Hyperliquid trading execution.