RDFPortal-MCP
by arkinjo
Overview
This server facilitates querying biological and biomedical RDF databases via SPARQL and interacts with various biological/biomedical REST APIs, designed for integration with conversational AI platforms like Claude.
Installation
uv run src/server.pySecurity Notes
CRITICAL: The `save_MIE_file` function in `src/server.py` is vulnerable to path traversal. The `dbname` parameter is directly used in `os.path.join(MIE_DIR, f'{dbname}.yaml')`. If a malicious `dbname` (e.g., `../../../malicious.yaml`) is provided, an attacker can write arbitrary content to files outside the intended 'mie' directory. This constitutes a severe remote arbitrary file write vulnerability, which can lead to Remote Code Execution (RCE) if an attacker can write to sensitive locations on the server's file system. Additionally, the server allows execution of arbitrary SPARQL queries on configured endpoints. While endpoints are whitelisted, the queries themselves are not sanitized, posing a potential risk of denial of service or data exfiltration on the target SPARQL endpoints.
Similar Servers
knowledgebase-mcp
Provides a standardized connection layer between artificial intelligence systems (LLMs) and biomedical research resources for information retrieval and domain-specific tasks.
aws-sa-tools-mcp-server
A Model Context Protocol (MCP) server that provides tools to interact with AWS services and an optional vector store for document search, primarily designed for integration with Claude Desktop.
PDBe-MCP-Servers
Provides Model Context Protocol (MCP) servers to integrate PDBe's structural biology data (API, Graph, Search) into AI-powered applications like Claude Desktop.
chuk-mcp-math-server
Provides a highly configurable, high-performance server for a wide range of mathematical computations via the Mathematical Computation Protocol (MCP).