mcp-server
Verified Safe by cap-js
Overview
A Model Context Protocol (MCP) server designed to assist AI models in the development of SAP Cloud Application Programming Model (CAP) applications by providing tools for model analysis and documentation search.
Installation
npx -y @cap-js/mcp-server
Environment Variables
- CDS_MCP_REFRESH_MS
- GLOBAL_AGENT_HTTP_PROXY
- GLOBAL_AGENT_HTTPS_PROXY
Security Notes
Potential Path Traversal Vulnerability: The `search_model` tool takes a `projectPath` argument, which is then passed to `cds.resolve` and `findCdsFiles`. The current code does not explicitly sanitize `projectPath` against path traversal attempts, meaning a malicious input could potentially lead to arbitrary file system access if `cds.resolve` or underlying Node.js `fs` operations do not sufficiently mitigate this. The `createEmbeddings` function also performs file I/O using an `id` parameter, which could be a path traversal vector if this function were exposed to untrusted input (currently it's internal to `searchMarkdownDocs` which uses a hardcoded ID, and commented as 'not for production'). No obvious hardcoded secrets or 'eval' usage found. External models are downloaded from trusted sources (HuggingFace, cap.cloud.sap).
Similar Servers
context-portal
A database-backed Model Context Protocol (MCP) server for managing structured project context, designed to be used by AI assistants and developer tools within IDEs and other interfaces for Retrieval Augmented Generation (RAG) and prompt caching.
mcp-servers
Provides a curated collection of Model Context Protocol (MCP) server configurations to enable AI agents to interact with various developer tools and services.
mcp-server
A Model Context Protocol (MCP) server that provides tools to assist AI agents in UI5 (OpenUI5/SAPUI5) application development, streamlining development workflows by automating tasks and providing UI5-specific information.
cap-mcp-plugin
Integrate SAP CAP services with AI agents using the Model Context Protocol (MCP) by automatically generating MCP servers from annotated CAP services, enabling AI-native data access, intelligent automation, and business intelligence.