OOMCP
Verified Safeby chefbob
Overview
Enables AI assistants to read and modify OmniOutliner documents on macOS via a localhost HTTP server.
Installation
swift run OOMCPSecurity Notes
The server uses 'osascript' to execute JavaScript for Automation (JXA) scripts against OmniOutliner. This involves dynamic script execution, which is inherently risky. The application explicitly disables the macOS App Sandbox, which is a major security concern, although it states mitigations are in place: 1) server binds only to localhost (127.0.0.1) preventing remote access, 2) CORS is restricted to localhost, and 3) all user inputs are validated and sanitized (e.g., removal of null bytes, length limits, and escaping) before being passed to scripts. The JXA scripts themselves are templated. The primary residual risk is a potential vulnerability in input sanitization or JXA parsing that could lead to privilege escalation or unintended interactions with other local applications if the app or its inputs were compromised, due to the disabled sandbox.
Similar Servers
XcodeBuildMCP
Provides an MCP (Model Context Protocol) server for AI agents and other clients to programmatically build, test, run, and debug iOS and macOS applications, manage simulators/devices, and capture logs.
mcp-obsidian
Provides a secure, universal AI bridge for Obsidian vaults, enabling MCP-compatible AI assistants to read, write, and manage notes.
obsidian-mcp-plugin
This plugin connects your Obsidian vault to AI assistants through MCP (Model Context Protocol), enabling them to understand and navigate your notes as a connected knowledge graph.
mcp-outline
A Model Context Protocol server for interacting with Outline document management, enabling AI assistants to search, read, create, edit, archive, and manage documents, collections, and comments.