mcp-hub
by ashen-dusk
Overview
Manages, connects to, and interacts with Model Context Protocol (MCP) servers using AI agents and a GraphQL API, providing category-based organization and user-isolated state.
Installation
uv run uvicorn assistant.asgi:application --reloadEnvironment Variables
- SECRET_KEY
- DEBUG
- ALLOWED_HOSTS
- GOOGLE_CLIENT_ID
- OPENAI_API_KEY
- DEEPSEEK_API_KEY
- TAVILY_API_KEY
- REDIS_URL
- NEXT_PUBLIC_APP_URL
- BACKEND_URL
- OPENROUTER_API_KEY
Security Notes
The server allows configuration of `stdio` transport type for MCP servers, which executes arbitrary commands and arguments directly on the host machine. If an authenticated user (even an owner, not just admin) can configure `command` and `args` in the `MCPServer` model, it creates a severe remote code execution vulnerability. There is no explicit input sanitization or whitelisting for these fields. Additionally, the system makes dynamic external requests to `server.url` during OAuth discovery, token exchange, and FastMCP client operations, which could potentially expose the backend to SSRF or other network-based attacks if `server.url` is controlled by a malicious actor and not adequately validated beyond basic URL parsing.
Similar Servers
context-portal
Manages structured project context for AI assistants and developer tools, enabling Retrieval Augmented Generation (RAG) and prompt caching within IDEs.
agentxsuite
A unified open-source platform for connecting, managing, and monitoring AI agents and tools across various Model Context Protocol (MCP) servers.
atlantis-mcp-server
An MCP (Model Context Protocol) server for hosting and managing dynamic Python functions and third-party MCP tools, enabling AI agents to discover and utilize shared capabilities across a network.
noteit-mcp
Provides an HTTP Model Context Protocol (MCP) server for AI coding tools to access structured agent profiles and personalized notes, enhancing AI development workflows.