mcp-server-playground

Verified Safe

by chrisleekr

Overview

A Model Context Protocol (MCP) server that acts as an OAuth proxy for 3rd party authorization servers like Auth0, provides stateful session management, and exposes various tools for system time, streaming, project keyword searching, and AWS services (S3, ECS, CloudWatch Logs, Bedrock).

Installation

Run Command
npm run dev

Environment Variables

  • MCP_CONFIG_TOOLS_PROJECT_PATH
  • MCP_CONFIG_SERVER_AUTH_JWTSECRET
  • MCP_CONFIG_SERVER_AUTH_AUTH0_DOMAIN
  • MCP_CONFIG_SERVER_AUTH_AUTH0_CLIENTID
  • MCP_CONFIG_SERVER_AUTH_AUTH0_CLIENTSECRET
  • MCP_CONFIG_SERVER_AUTH_AUTH0_AUDIENCE
  • MCP_CONFIG_SERVER_AUTH_AUTH0_SCOPE
  • MCP_CONFIG_TOOLS_AWS_REGION
  • MCP_CONFIG_TOOLS_AWS_PROFILE
  • MCP_CONFIG_TOOLS_AWS_CREDENTIALS_ACCESSKEYID
  • MCP_CONFIG_TOOLS_AWS_CREDENTIALS_SECRETACCESSKEY
  • MCP_CONFIG_TOOLS_AWS_CREDENTIALS_SESSIONTOKEN
  • MCP_CONFIG_TOOLS_AWS_BEDROCK_REGION
  • MCP_CONFIG_TOOLS_AWS_BEDROCK_PROFILE
  • MCP_CONFIG_TOOLS_AWS_BEDROCK_CREDENTIALS_ACCESSKEYID
  • MCP_CONFIG_TOOLS_AWS_BEDROCK_CREDENTIALS_SECRETACCESSKEY
  • MCP_CONFIG_TOOLS_AWS_BEDROCK_CREDENTIALS_SESSIONTOKEN
  • MCP_CONFIG_TOOLS_AWS_BEDROCK_MODEL
  • MCP_CONFIG_STORAGE_VALKEY_URL
  • MCP_CONFIG_STORAGE_TYPE
  • MCP_CONFIG_SERVER_AUTH_ENABLED
  • MCP_LOG_LEVEL

Security Notes

The server explicitly addresses security concerns related to Dynamic Application Registration in OAuth by delegating authorization to third-party providers (e.g., Auth0) and acting as an OAuth proxy. It uses `helmet` and `express-rate-limit` for basic HTTP security and rate limiting. Input validation is performed using Zod schemas for all tool and prompt arguments. AWS credentials are handled via SSO or environment variables, which is a standard secure practice. JWTs are used for access and refresh tokens. No direct `eval` or obvious code injection vulnerabilities were found. The 'project' tool reads local files. This could be a risk if `MCP_CONFIG_TOOLS_PROJECT_PATH` could be manipulated by a malicious client or if the server environment is not properly sandboxed; currently the path is configured via environment variables, which limits immediate exploitability.

Stats

Interest Score: 36
Security Score: 8
Cost Class: Medium
Avg Tokens: 2500
Stars: 6
Forks: 0
Last Update: 2025-11-30

Tags

Model Context Protocol, MCP Server, OAuth Proxy, TypeScript, AWS, Tools