climcp
by aster-void
Overview
Provides a command-line interface for interacting with Model Context Protocol (MCP) servers, allowing users to list and call tools either interactively or for one-shot execution.
Installation
bun src/index.tsSecurity Notes
The primary security risk lies in the `stdio` transport method, where the `target` argument (a user-provided string) is directly used as a command to be executed. This allows for arbitrary command execution. For example, `climcp run "rm -rf /" some_tool` would attempt to execute `rm -rf /` as the MCP server. This is a critical vulnerability if the input `target` is not trusted or properly sanitized by the caller. Other input parsing (JSON5, query-style) seems robust, but the initial command execution is a severe flaw.
Similar Servers
mcpm.sh
MCPM is a command-line tool for managing Model Context Protocol (MCP) servers, enabling discovery, installation, execution, sharing, and integration with various MCP clients.
cli
The Smithery CLI is a developer tool for installing, managing, building, running, and deploying Model Context Protocol (MCP) servers and integrating them with various AI clients.
mcp-kit
A CLI tool for scaffolding new Model Context Protocol (MCP) applications, including MCP Servers and Clients.
mcp-typescript-template
This project provides a foundational TypeScript template for developing remote Model Context Protocol (MCP) servers with robust tooling and best practices.