PitchLense
by connectaman
Overview
An AI-powered platform for comprehensive startup analysis, including risk assessment, growth potential evaluation, founder DNA analysis, email pitch analysis, and meeting recording summaries.
Installation
docker-compose up -d
Environment Variables
- GEMINI_API_KEY
- FMP_API_KEY
- GCS_BUCKET
- GOOGLE_CLOUD_PROJECT
- CLOUD_RUN_URL
- NODE_ENV
- GOOGLE_APPLICATION_CREDENTIALS
- DB_USER
- DB_PASSWORD
- DB_HOST
- DB_NAME
- DB_PORT
- DB_SSL
- INSTANCE_UNIX_SOCKET
- JWT_SECRET
- EMAIL_USERNAME
- EMAIL_PASSWORD
- IMAP_HOST
- IMAP_PORT
- SMTP_HOST
- SMTP_PORT
- ADK_RUN_URL
Security Notes
Critical authentication flaws, including a hardcoded `FIXED_SALT` for password hashing and a direct hash comparison `password === user.password_hash`. This design makes user passwords vulnerable to offline brute-force attacks if the salt is compromised (which it is, being in the source code). Hardcoded default secrets for `JWT_SECRET`, `DB_PASSWORD`, and `GEMINI_API_KEY` are present, posing a severe risk if not explicitly overridden in production environments. The Content Security Policy (CSP) includes `'unsafe-eval'` in its `script-src`, which can weaken XSS protections. On the positive side, the application implements standard security headers, API rate limiting, uses the Google Cloud Natural Language API for content moderation, and employs parameterized SQL queries to mitigate injection attacks. However, these positive controls are significantly overshadowed by the critical authentication vulnerabilities.