api-pilot
Verified Safe
by consigcody94
Overview
Provides an MCP server for API mocking, HTTP client requests, and OpenAPI specification exploration through natural language.
Installation
node /absolute/path/to/api-pilot/dist/index.js
Security Notes
The project uses standard libraries (Express, Axios, SwaggerParser) without obvious code-level vulnerabilities. There are no hardcoded secrets and no use of `eval`. The `make_http_request` and `parse_openapi_spec` tools allow interaction with arbitrary URLs and local files, which is an intended feature. However, a malicious prompt that gained control of these tools could potentially use them for Server-Side Request Forgery (SSRF) to scan internal networks or access local files. This risk is inherent to tools that can access arbitrary external or internal resources via user input; it is not a specific vulnerability in the code.
Similar Servers
mcpo
Exposes Model Context Protocol (MCP) tools as OpenAPI-compatible HTTP servers.
inspector
Local development and debugging platform for Model Context Protocol (MCP) clients and servers, including proxying MCP server interactions, simulating UI widgets, and facilitating OAuth flows. It enables building, testing, and developing MCP clients and servers.
tmcp
A server implementation for the Model Context Protocol (MCP) to enable LLMs to access external context and tools.
infobip-openapi-mcp
Exposes any OpenAPI documented HTTP API as a Model Context Protocol (MCP) server for AI agents, with support for mock mode and authentication.