OOMCP
Verified Safe
by chefbob
Overview
Enables AI assistants to read and modify OmniOutliner documents on macOS via a localhost HTTP server.
Installation
swift run OOMCP
Security Notes
The server uses 'osascript' to execute JavaScript for Automation (JXA) scripts against OmniOutliner. This involves dynamic script execution, which is inherently risky. The application also explicitly disables the macOS App Sandbox, which is a major security concern. It states that the following mitigations are in place:
1) The server binds only to localhost (127.0.0.1), preventing remote access.
2) CORS is restricted to localhost.
3) All user inputs are validated and sanitized (e.g., removal of null bytes, length limits, and escaping) before being passed to scripts.
The JXA scripts themselves are templated. The primary residual risk is a vulnerability in input sanitization or JXA parsing: because the sandbox is disabled, such a vulnerability could lead to privilege escalation or unintended interactions with other local applications if the app or its inputs were compromised.
Similar Servers
XcodeBuildMCP
Provides a Model Context Protocol (MCP) server for agents to interact with Xcode, iOS, and macOS development workflows including project management, building, testing, UI automation, and debugging.
mcp-obsidian
Provides a secure, universal AI bridge for Obsidian vaults, enabling MCP-compatible AI assistants to read, write, and manage notes.
obsidian-mcp-plugin
Gives AI semantic agency over an Obsidian knowledge graph, enabling AI assistants to understand and navigate notes as a connected knowledge graph through the Model Context Protocol (MCP).
mcp-outline
A Model Context Protocol server for interacting with Outline document management, enabling AI assistants to search, read, create, edit, archive, and manage documents, collections, and comments.