mcp-server
Verified Safeby cap-js
Overview
A Model Context Protocol (MCP) server designed to assist AI models in the development of SAP Cloud Application Programming Model (CAP) applications by providing tools for model analysis and documentation search.
Installation
npx -y @cap-js/mcp-serverEnvironment Variables
- CDS_MCP_REFRESH_MS
- GLOBAL_AGENT_HTTP_PROXY
- GLOBAL_AGENT_HTTPS_PROXY
Security Notes
Potential Path Traversal Vulnerability: The `search_model` tool takes a `projectPath` argument, which is then passed to `cds.resolve` and `findCdsFiles`. The current code does not explicitly sanitize `projectPath` against path traversal attempts, meaning a malicious input could potentially lead to arbitrary file system access if `cds.resolve` or underlying Node.js `fs` operations do not sufficiently mitigate this. The `createEmbeddings` function also performs file I/O using an `id` parameter, which could be a path traversal vector if this function were exposed to untrusted input (currently it's internal to `searchMarkdownDocs` which uses a hardcoded ID, and commented as 'not for production'). No obvious hardcoded secrets or 'eval' usage found. External models are downloaded from trusted sources (HuggingFace, cap.cloud.sap).
Similar Servers
context-portal
Manages structured project context for AI assistants and developer tools, enabling Retrieval Augmented Generation (RAG) and prompt caching within IDEs.
mcp-servers
A curated collection of Model Context Protocol (MCP) server configurations to integrate various developer tools and services with AI agents.
cap-mcp-plugin
Integrate SAP CAP services with the Model Context Protocol (MCP) to expose them as AI-accessible resources, tools, and prompts for natural language interaction and automation.
mcp-abap-adt
MCP server for integrating with SAP ABAP Development Tools (ADT) to perform read, write, and system operations on ABAP objects.