pythia-mcp
Verified Safeby consigcody94
Overview
An MCP server for Higgs Boson phenomenology, interfacing with the Lilith framework to constrain new physics from LHC Higgs measurements for AI assistants.
Installation
node dist/index.jsEnvironment Variables
- LILITH_DIR
- PYTHON_CMD
Security Notes
The server demonstrates strong security practices for input validation, path traversal prevention (`safeResolvePath`), XML injection (`escapeXml`), and Regex DoS (`safeRegex`). External API calls to HEPData and CERN Open Data are rate-limited and use hardcoded base URLs with `encodeURIComponent` for query parameters, mitigating SSRF. The primary risk vector would be vulnerabilities within the underlying Lilith Python library itself, especially concerning its XML parsing, but the Node.js wrapper diligently sanitizes and constrains inputs to the Python subprocess calls. No obvious hardcoded secrets or arbitrary code execution vulnerabilities were found in the Node.js layer.
Similar Servers
mcp-server
Provides a Model Context Protocol (MCP) server for AI agents to search and retrieve curated documentation for the Strands Agents framework, facilitating AI coding assistance.
tmcp
A server implementation for the Model Context Protocol (MCP) to enable LLMs to access external context and tools.
zeromcp
A minimal, pure Python Model Context Protocol (MCP) server for exposing tools, resources, and prompts via HTTP/SSE and Stdio transports.
knowledgebase-mcp
A standardized Model Context Protocol (MCP) server that aggregates and provides AI systems with access to diverse biomedical knowledge bases and analysis tools.