mcp-gpt-proxy
Verified Safe
by axite-ai
Overview
Enhances existing Model Context Protocol (MCP) servers with OpenAI GPT Apps SDK UI widgets for ChatGPT without modifying the original server.
Installation
pnpm dev
Environment Variables
- MCP_SERVER_URL
Security Notes
The proxy constructs base URLs for internal widget fetching and OAuth URL rewriting using 'x-forwarded-proto' and 'host' headers from the incoming request. If the deployment environment (e.g., a reverse proxy or load balancer) does not properly sanitize or override these headers, a malicious actor could manipulate the Host header to induce the proxy to perform Server-Side Request Forgery (SSRF) or rewrite OAuth URLs to point to a controlled domain. This is a common vulnerability with services relying on Host headers. The application explicitly filters headers for upstream forwarding, which is a good practice. No direct 'eval' or obvious malicious code patterns were found. Content Security Policy (CSP) can be configured for widgets, allowing for further hardening.
Similar Servers
emceepee
A proxy server enabling AI agents to dynamically connect to and interact with multiple Model Context Protocol (MCP) backend servers, exposing the full MCP protocol via a simplified tool interface or a sandboxed JavaScript execution environment.
toolhive-cloud-ui
A UI for interacting with AI models via OpenRouter and managing/utilizing MCP (Model Context Protocol) servers and their tools from a centralized catalog.
mcp-marketplace
A comprehensive AI agent framework that facilitates tool orchestration and access to a marketplace of MCP (Model Context Protocol) servers, offering a web-based client for chat, administration, and benchmarking.
mcp-agent-kit
Simplifies the creation and management of AI agents, chatbots, and Model Context Protocol (MCP) servers with various LLM providers.