asab-mcp
Verified Safeby ateska
Overview
Serves as a Model Context Protocol (MCP) server providing tools and resources for managing Markdown notes and images.
Installation
python3 asab-mcp.pySecurity Notes
The `_normalize_path` function attempts to prevent path traversal by checking `os.path.commonpath`. However, the current implementation of `uri_template_match_` in `utils.py` is a simple string comparison and does not implement RFC 6570 URI Template Matching, which could be a vulnerability if it was intended to parse URI templates with variables allowing path traversal. The `_normalize_path` itself has a potential edge case: `os.path.abspath(os.path.join(base_path, user_path))` could resolve symlinks. If `base_path` contains a symlink pointing outside its expected root, or if `user_path` itself is a symlink, it might bypass the `commonpath` check. No `eval` or `exec` found. No hardcoded secrets are evident.
Similar Servers
mcp-servers
A curated collection of Model Context Protocol (MCP) server configurations to integrate various developer tools and services with AI agents.
agents-mcp-usage
This repository demonstrates the integration of a Model Context Protocol (MCP) server with various AI agent frameworks, showcasing agent communication and operation within a shared context.
inspector-assessment
Provides a comprehensive automated assessment platform for Model Context Protocol (MCP) servers, analyzing their security, functionality, protocol compliance, documentation, and various extended metrics. It acts as an inspector and auditing tool for MCP server developers and maintainers.
uapf-mcp
The uapf-mcp server acts as a Model Context Protocol (MCP) gateway for UAPF packages, connecting to a uapf-engine instance to expose UAPF tools and resources.