mcp-app-proxy
Verified Safe
by botdojo-ai
Overview
Securely sandboxes and renders interactive UI components (MCP Apps) from various sources within a double-iframe architecture for chat conversations, ensuring isolation from the host application.
Installation
npm start
Security Notes
The architecture leverages a double-iframe setup and different origins for strong isolation from the host application. It enforces Content Security Policy (CSP), but the `DEFAULT_CSP` is permissive, including `script-src 'unsafe-inline' 'unsafe-eval'` and `connect-src *`, `frame-src *`. While this is acknowledged and allows for broad widget compatibility, it significantly lowers the default security posture against XSS within the sandboxed app if a stricter CSP is not explicitly provided by the host. Responsibility for message validation and external link approval is shifted to the host application. The caching mechanism through `/api/cache/[key]` appears to handle key decoding robustly for resource identifiers, not file paths.
Similar Servers
mcphub
An orchestration hub that aggregates, manages, and routes Model Context Protocol (MCP) servers and their tools, providing a centralized interface, user management, OAuth 2.0 authorization server capabilities, and AI-powered tool discovery and routing.
mcp-proxy
A TypeScript streamable HTTP and SSE proxy for MCP servers that use stdio transport.
modular-mcp
A proxy server that efficiently manages and loads large tool collections from multiple Model Context Protocol (MCP) servers on-demand for LLMs, reducing context overhead.
emceepee
A proxy server enabling AI agents to dynamically connect to and interact with multiple Model Context Protocol (MCP) backend servers, exposing the full MCP protocol via a simplified tool interface or a sandboxed JavaScript execution environment.