mcp-security
Verified Safe by aself101
Overview
Provides NBA statistics, live scores, and player/team data from public APIs.
Installation
cd cookbook/nba-server && npm run build && node dist/index.js
Environment Variables
- VERBOSE_LOGGING
Security Notes
The server leverages the `mcp-security` framework, which implements a 5-layer defense-in-depth model against various injection attacks, path traversal, SSRF, deserialization, XSS, and more. This specific NBA server is read-only and requires no authentication, further reducing its attack surface. While the broader framework's test server includes an `eval`-like `Function` for a calculator demonstration, it is explicitly sanitized and not present in this NBA server's domain-specific logic. The overall design prioritizes security, with built-in rate limiting and side effect declarations for network calls.
Similar Servers
mcphub
An orchestration hub that aggregates, manages, and routes Model Context Protocol (MCP) servers and their tools, providing a centralized interface, user management, OAuth 2.0 authorization server capabilities, and AI-powered tool discovery and routing.
hyper-mcp
A fast, secure Model Context Protocol (MCP) server that extends its capabilities through WebAssembly plugins, enabling AI agents to access tools, resources, and prompts.
mcp-watch
A comprehensive security scanner for Model Context Protocol (MCP) servers, detecting various vulnerabilities in their implementations.
toolhive-studio
ToolHive is a desktop application (Electron UI) for discovering, deploying, and managing Model Context Protocol (MCP) servers in isolated containers, and connecting them to AI agents and clients.