mcbox
Verified Safe by andreswebs
Overview
Provides a lightweight and portable pluggable MCP (Model Context Protocol) server for AI agents to execute local tools via stdio transport.
Installation
mcbox
Environment Variables
- MCBOX_DATA_HOME
- MCBOX_CONFIG_HOME
- MCBOX_SERVER_CONFIG_FILE
- MCBOX_TOOLS_CONFIG_FILE
- MCBOX_TOOLS_LIB_FILE
- MCBOX_CORE_LIB_FILE
- MCBOX_TOOLS_FUNCTION_NAME_PREFIX
- MCBOX_LOG_LEVEL
- OTEL_LOG_LEVEL
- XDG_CONFIG_HOME
- XDG_DATA_HOME
Security Notes
The server design emphasizes security through stdio transport and JSON Schema validation of tool inputs. It uses `jq` to parse JSON arguments safely, which mitigates common shell-injection risks in the core operations. However, the overall security depends critically on the custom tool implementations (`tools.bash`) supplied by the user. If user-defined tools do not properly validate and sanitize their inputs, especially when passing them to external commands (e.g., running `sqlite3` with an unsanitized query), they can introduce injection vulnerabilities. The documentation explicitly highlights input validation as a best practice for tool developers.
Similar Servers
mcp-servers
A curated collection of Model Context Protocol (MCP) server configurations to integrate various developer tools and services with AI agents.
zeromcp
A minimal, pure Python Model Context Protocol (MCP) server for exposing tools, resources, and prompts via HTTP/SSE and Stdio transports.
mcp-use-cli
An interactive command-line interface (CLI) tool for connecting to and interacting with Model Context Protocol (MCP) servers using natural language, acting as an AI client that orchestrates LLM responses with external tools.
MCP-Agent
An autonomous AI agent designed to discover, connect to, and utilize tools and resources from various Model Context Protocol (MCP) servers to accomplish tasks.