RTFD
Verified Safeby aserper
Overview
Provides AI coding agents with real-time access to up-to-date library and service documentation from various package ecosystems and cloud platforms to prevent LLM hallucinations and use of outdated APIs.
Installation
docker run -i --rm -e GITHUB_AUTH=token -e GITHUB_TOKEN=your_token_here ghcr.io/aserper/rtfd:latestSecurity Notes
This MCP server's core function is to fetch documentation and code from external, potentially untrusted sources (GitHub, PyPI, npm, etc.) for processing by an AI agent. This introduces significant risks, including indirect prompt injection and the potential for malicious code execution if the agent operates autonomously or processes unverified content without human oversight. The server itself avoids obvious direct vulnerabilities like arbitrary `eval()` on untrusted input or hardcoded API keys. It uses `subprocess.run` only for `gh auth token` which is a specific, generally safe operation. However, the inherent risk of its functionality means agents can be exposed to hostile content. Mitigation strategies like `RTFD_FETCH=false` (disables content fetching) and `VERIFIED_BY_PYPI=true` (restricts PyPI sources to verified ones) are provided but require explicit configuration.
Similar Servers
context7
Provides up-to-date, version-specific documentation and code examples to Large Language Models (LLMs) and AI coding assistants to improve code generation accuracy and relevance, preventing outdated or hallucinated information.
klavis
Develop and deploy AI agents that interact with a wide array of web services (e.g., Gmail, YouTube, LinkedIn, Supabase, Salesforce, Kubernetes) through a standardized Model Context Protocol (MCP), often orchestrated by an intelligent routing layer like Strata.
mcpo
Exposes Model Context Protocol (MCP) tools as OpenAPI-compatible HTTP servers.
bifrost
A high-performance AI gateway with a unified interface for multiple LLM providers, offering real-time monitoring and configuration.