azerothMCP
by blinkysc
Overview
Provides AI assistants with read-only access to AzerothCore game databases and documentation for understanding game mechanics and debugging scripts.
Installation
source venv/bin/activate && python main.pyEnvironment Variables
- DB_HOST
- DB_PORT
- DB_USER
- DB_PASSWORD
- DB_WORLD
- DB_CHARACTERS
- DB_AUTH
- MCP_PORT
- READ_ONLY
- ENABLE_SPELL_DBC
- ENABLE_WIKI
- WIKI_PATH
- ENABLE_SOURCE_CODE
- AZEROTHCORE_SRC_PATH
- SOAP_ENABLED
- SOAP_HOST
- SOAP_PORT
- SOAP_USERNAME
- SOAP_PASSWORD
- ENABLE_PACKET_PARSER
- WPP_PATH
- DOTNET_PATH
- ENABLE_SANDBOX
- LOG_TOOL_CALLS
- LOG_LEVEL
- MAPS_PATH
- VIZ_HOST
- VIZ_PORT
Security Notes
The `azerothmcp/tools/sandbox.py` module, when `ENABLE_SANDBOX=true` (which is default), allows the execution of arbitrary Python code via the `execute_investigation` tool. While it implements `validate_code` with a `FORBIDDEN_PATTERNS` blacklist and restricts built-ins to `SAFE_BUILTINS`, `exec()` is inherently dangerous when exposed to untrusted or AI-generated input due to the potential for bypasses and prompt injection attacks. This means an attacker (or a misdirected AI) could potentially execute arbitrary code on the host system. Additionally, `subprocess.run` is used in `packets.py` (for WowPacketParser) and `source.py` (for grep), which, if paths or arguments were manipulated, could lead to arbitrary command execution. The default `READ_ONLY=true` for database operations is a good security practice, but can be disabled.
Similar Servers
context7
Provides up-to-date, version-specific documentation and code examples to Large Language Models (LLMs) and AI coding assistants to improve code generation accuracy and relevance, preventing outdated or hallucinated information.
mcp
Provides AI assistants with direct, secure access to the latest official Microsoft documentation to prevent hallucinations and verify code.
docs-mcp-server
The Documentation MCP Server indexes documentation from web sources, local files, and package registries, making it searchable via the Model Context Protocol (MCP) and providing semantic search capabilities to AI coding assistants.
docfork
Provides live-synced, context-aware, and version-accurate documentation to AI models, preventing hallucinations and context bloat for developer tasks.