clara-mcp-server
by crazi-co
Overview
Exposes Clara backend APIs as tools for AI agents using the Model Context Protocol (MCP).
Installation
python run.py
Environment Variables
- USER_ID
- API_KEY_TOKEN
- PORT
- BASE_URL
Security Notes
A critical path traversal vulnerability exists in the `agent.analysis` tool. If an AI agent can control the value of the `file_path` parameter and that value is not sanitized, the tool can read arbitrary local files from the server's filesystem and subsequently upload them to the backend Clara API. This presents a severe risk of data exfiltration or unauthorized access to server resources.
Additionally, the server uses global mutable variables (`app.data.user_id`, `app.data.api_key_token`) for authentication context. In a concurrent environment, these global variables could be overwritten by a different request during processing, potentially leading to a request using incorrect or leaked credentials.
The default `log_level` for Uvicorn is set to 'error', which may hinder effective security incident detection and debugging.
Similar Servers
mcp-omnisearch
Provides a unified interface for various search, AI response, content processing, and enhancement tools via Model Context Protocol (MCP).
tmcp
A server implementation for the Model Context Protocol (MCP) to enable LLMs to access external context and tools.
mcp-servers
An MCP server for managing files in Google Cloud Storage, supporting CRUD operations (save, get, search, delete) and exposing files as resources.
lyra-tool-discovery
This MCP server is designed to fetch, parse, and organize documentation from websites implementing the llms.txt standard. It transforms raw documentation into structured, agent-ready formats, exposing tools for AI agents, LLMs, and automation workflows to consume documentation programmatically.