TaskMCP
Verified Safe
by aosyang
Overview
A multi-workspace task management system enabling hierarchical organization, real-time synchronization, and AI Agent interaction via an MCP server for natural language task operations.
Installation
python app.py
Security Notes
The Flask `SECRET_KEY` is hardcoded (`'task-secret-key'`) in `app.py`. This is a critical security vulnerability for any deployment beyond local development: anyone who knows the key can forge Flask's signed session cookies, which allows session hijacking and other attacks. The `update_task_comments_from_file` MCP tool in `mcp_server.py` reads content from an arbitrary `file_path` on the server, so if the AI agent or a malicious user can control this parameter, there is a risk of local file disclosure. However, SQL injection is prevented through parameterized queries, and XSS is mitigated on the frontend using DOMPurify with strict configurations for markdown rendering. The option to bind to `0.0.0.0` for network access is documented.
Similar Servers
claude-todo-emulator
Provides persistent task management for AI coding assistants within IDEs like Cursor and Windsurf by emulating Claude Code's todo system.
Teamwork-MCP
The MCP server simplifies interaction with the Teamwork.com API, enabling AI agents to manage projects, tasks, people, and companies within Teamwork.
Omnispindle
Omnispindle is a coordination layer providing standardized MCP tools for AI agents to manage todos, capture lessons, and handle cross-project coordination within the Madness Interactive ecosystem.
AI-Prompt-Guide-MCP
Orchestrates AI agents for project management and development workflows by linking structured markdown specifications and tasks.