mcp-gpt-proxy
Verified Safe by axite-ai
Overview
Acts as a proxy to inject rich UI widgets from the OpenAI Apps SDK into responses from any existing Model Context Protocol (MCP) server without modifying the original server.
Installation
pnpm dev
Environment Variables
- MCP_SERVER_URL
Security Notes
The proxy forwards requests to an upstream MCP server configured via the `MCP_SERVER_URL` environment variable. It constructs the `baseUrl` used to fetch widgets from the `x-forwarded-proto` and `host` request headers, so a deployment that is not properly secured could be susceptible to host header manipulation (SSRF). However, the `isWidgetUri` and `extractWidgetPath` functions ensure that only pre-defined widget paths (from `proxy.config.ts`) are ever requested, which significantly limits the scope of any potential SSRF. Content Security Policy (CSP) can be configured per widget, enhancing security. No obvious hardcoded secrets or direct `eval` of untrusted input were found. Proper deployment in a hardened environment (e.g., behind a trusted reverse proxy) is crucial.
Similar Servers
mcpo
Exposes Model Context Protocol (MCP) tools as OpenAPI-compatible HTTP servers.
mcp
This SDK provides client and server implementations for the Model Context Protocol (MCP), enabling communication between AI agents/LLMs and external services like tools, prompts, and resources via JSON-RPC over HTTP/SSE.
inspector
An interactive developer tool for testing and debugging MCP (Model Context Protocol) servers, including support for MCP-UI and OpenAI Apps SDK widgets.
toolhive-cloud-ui
A Next.js application for visualizing MCP (Model Context Protocol) servers in user infrastructure with easy URL copying for integration with AI agents.