mcbox
Verified Safe
by andreswebs
Overview
A pluggable MCP (Model Context Protocol) server for local AI agents to execute user-defined tools written in Bash or any other programming language.
Installation
mcbox
Environment Variables
- MCBOX_DATA_HOME
- MCBOX_CONFIG_HOME
- MCBOX_SERVER_CONFIG_FILE
- MCBOX_TOOLS_CONFIG_FILE
- MCBOX_TOOLS_LIB_FILE
- MCBOX_CORE_LIB_FILE
- MCBOX_TOOLS_FUNCTION_NAME_PREFIX
- MCBOX_LOG_LEVEL
- OTEL_LOG_LEVEL
- XDG_CONFIG_HOME
- XDG_DATA_HOME
Security Notes
The core server is designed to be lightweight and communicates over stdio, so it has no direct network exposure of its own; the client process that spawns it is its only peer. It validates tool inputs against JSON schemas and provides helper functions such as `is_readable_file` to mitigate common shell pitfalls. Security nevertheless depends largely on how the user implements custom tools in `tools.bash`: values pulled from tool arguments with `jq --raw-output` are attacker-influenced data (the calling agent can be steered by untrusted content into supplying them), so passing them to `eval`, `bash -c`, or an unquoted expansion leads to shell injection, and using them as file paths without canonicalising and confining them to an allowed directory leads to path traversal. Users must follow secure shell-scripting practices when adding tools: quote every expansion, never eval tool arguments, and validate paths against an allow-listed root before touching the filesystem.
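The following is an added example, not code from mcbox or its author. It shows a file-reading tool written the unsafe way and the hardened way, to make the shell-injection and path-traversal risks above concrete. It assumes (nothing on the page states this) that a tool function reads its JSON arguments on stdin and parses them with `jq --raw-output`, and it uses a hypothetical `ALLOWED_ROOT` variable for the directory the tool may serve. mcbox ships its own `is_readable_file` helper, but its interface is not shown on this page, so the checks here are written out explicitly with different names.

```shell
#!/usr/bin/env bash
# Added example (not mcbox's own code). Assumptions, not from the page:
# tool functions receive their JSON arguments on stdin; ALLOWED_ROOT is a
# hypothetical directory that the tool is allowed to read from.

# UNSAFE: the jq output is plain data, but eval turns it back into shell
# syntax. {"path": "/dev/null; id"} makes this run `id`. Leaving $path
# unquoted would also word-split and glob-expand it.
unsafe_read_file() {
  local path
  path=$(jq --raw-output '.path')
  eval "cat $path"
}

# Resolve a requested path and print it only if it stays under $1.
# The parent directory is resolved physically (pwd -P), so "../" segments
# and symlinked directories are caught; a symlinked leaf is rejected
# outright, and a dot entry as the leaf is refused. $1 must not be "/".
confine_path() {
  local root="$1" requested="$2" dir base resolved
  root=$(cd -- "$root" 2>/dev/null && pwd -P) || return 1
  base=$(basename -- "$requested")
  case $base in
    .|..) return 1 ;;
  esac
  case $requested in
    /*) dir=$(dirname -- "$requested") ;;
    *)  dir=$root/$(dirname -- "$requested") ;;
  esac
  dir=$(cd -- "$dir" 2>/dev/null && pwd -P) || return 1
  resolved=$dir/$base
  if [ -L "$resolved" ]; then return 1; fi
  case $resolved in
    "$root"/*) printf '%s\n' "$resolved" ;;
    *) return 1 ;;
  esac
}

# Regular, readable file? (stand-in for an is_readable_file-style check)
check_readable_file() {
  [ -f "$1" ] && [ -r "$1" ]
}

# HARDENED: keep the jq result quoted, never eval it, confine it to
# ALLOWED_ROOT and check the target before touching it.
safe_read_file() {
  local path canonical
  path=$(jq --raw-output '.path // empty') || return 1
  [ -n "$path" ] || { echo "error: missing path" >&2; return 1; }
  canonical=$(confine_path "${ALLOWED_ROOT:?}" "$path") \
    || { echo "error: path outside allowed root: $path" >&2; return 1; }
  check_readable_file "$canonical" \
    || { echo "error: not a readable file: $path" >&2; return 1; }
  cat -- "$canonical"
}

# Constructed demo: a scratch root with one file. The path checks run
# without jq; the full tool runs only when jq is installed.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/notes"
printf 'hello\n' > "$demo_root/notes/todo.txt"
ALLOWED_ROOT=$demo_root
for p in notes/todo.txt notes/../notes/todo.txt ../../etc/passwd /etc/passwd; do
  if r=$(confine_path "$ALLOWED_ROOT" "$p"); then
    printf 'allow  %-28s -> %s\n' "$p" "$r"
  else
    printf 'refuse %s\n' "$p"
  fi
done
if command -v jq >/dev/null 2>&1; then
  printf '%s' '{"path": "notes/todo.txt"}' | safe_read_file
  printf '%s' '{"path": "../../etc/passwd"}' | safe_read_file || true
fi
```

The point of `confine_path` is that the decision is made on the physically resolved path, not on the string the agent supplied: `notes/../notes/todo.txt` is accepted because it resolves inside the root, while `../../etc/passwd`, an absolute path, or a symlink planted inside the root are all refused before `cat` ever sees them.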
Similar Servers
mcp-servers
Provides a curated collection of Model Context Protocol (MCP) server configurations to enable AI agents to interact with various developer tools and services.
zeromcp
A minimal, pure Python Model Context Protocol (MCP) server for exposing tools, resources, and prompts via HTTP/SSE and Stdio transports.
mcp-use-cli
An interactive command-line interface (CLI) tool for connecting to and interacting with Model Context Protocol (MCP) servers using natural language, acting as an AI client that orchestrates LLM responses with external tools.
MCP-Agent
An AI agent for discovering, connecting to, and interacting with Model Context Protocol (MCP) servers and their provided tools, resources, and prompts.