aibolit-mcp-server
by cqfn
Overview
A server for AI agents to identify the most critical design issues in Java code using the Aibolit static analyzer.
Installation
npx aibolit-mcp-server
Security Notes
The `aibolit` function (src/aibolit.ts) directly passes the `path` argument, which originates from user input through the MCP server's `find_the_most_critical_design_issue` tool, into a shell command executed via `child_process.execSync`. This is done without proper sanitization or escaping of the path. This creates a severe command injection vulnerability, allowing an attacker to execute arbitrary shell commands if they can control the `path` input (e.g., by injecting shell metacharacters).
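The pattern described in this note, next to a hardened form, as an added example that is not the project's own code. The function names, the `analyzer` command name, the project root and the sample paths are hypothetical, and Node itself stands in for the analyzer binary so the block runs offline.

```javascript
// Added example: hypothetical names, not code from aibolit-mcp-server.
const { execFileSync } = require('node:child_process');
const path = require('node:path');

// Vulnerable pattern: the tool's `path` argument is spliced into a command string.
// Built but not executed here, to show the text a shell would be asked to parse.
// `analyzer` is a placeholder command name.
function buildShellCommand(userPath) {
  return `analyzer ${userPath}`;
}

// Hardened step 1: accept only a .java path that resolves inside the allowed root.
function validateJavaPath(userPath, root) {
  if (typeof userPath !== 'string' || userPath.includes('\0')) {
    throw new Error('path must be a string without NUL bytes');
  }
  const resolved = path.resolve(root, userPath);
  const rel = path.relative(root, resolved);
  if (rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)) {
    throw new Error('path escapes the project root');
  }
  if (!resolved.endsWith('.java')) {
    throw new Error('only .java files are accepted');
  }
  return resolved;
}

// Hardened step 2: no shell. execFileSync passes each array element to the child
// as one argv entry, so metacharacters in a file name are never interpreted.
// The stand-in child (node -e) echoes the last argument it received.
function runAnalyzer(userPath, root) {
  const target = validateJavaPath(userPath, root);
  const childScript = 'process.stdout.write(process.argv[process.argv.length - 1])';
  return execFileSync(process.execPath, ['-e', childScript, '--', target], {
    encoding: 'utf8',
    timeout: 10000,
  });
}
```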
Similar Servers
tiger-gh-mcp-server
Provides a Model Context Protocol (MCP) interface to the GitHub API, enabling LLMs to access focused development tools and information.
tiger-memory-mcp-server
A backend server for a Minecraft-related application, likely providing data management or proxy services.
mcp-server
The Kontent.ai MCP Server enables AI models to understand Kontent.ai content structure and perform content operations through natural language instructions, transforming content operations with AI-powered tools.
mcp-server-koyeb
A TypeScript/Node.js backend server application, likely intended for deployment on a serverless platform like Koyeb.