bvbrc-mcp-server
by cucinellclark
Overview
This server provides a unified Model Context Protocol (MCP) interface for the Bacterial-Viral Bioinformatics Resource Center (BV-BRC), enabling AI models to query biological data, submit analysis jobs, and manage workspace files programmatically.
Installation
source mcp_env/bin/activate && PORT=$(jq -r '.port' config/config.json) python3 http_server.pyEnvironment Variables
- KB_AUTH_TOKEN
- PORT
- PUBLIC_BASE_URL
Security Notes
The server has a critical file disclosure vulnerability. The `workspace_upload` tool accepts a `filename` parameter, which is then used by the `_upload_file_to_url` function to read a file from the *local filesystem of the server itself*. If a malicious user (or LLM) provides an arbitrary path for `filename` (e.g., `/etc/passwd` or `/root/.ssh/id_rsa`), the server could read and upload these sensitive files to the user's workspace, assuming the server process has read permissions. Additionally, the `create_feature_group` tool includes a heuristic fix for feature IDs that attempts to insert a '.' character, which, while not a direct vulnerability, is a code smell that could silently alter valid user input if it doesn't conform to the expected pattern. Authentication relies on a specific PATRIC token format parsed by string manipulation, which could be brittle if the format changes unexpectedly.
Similar Servers
nancy-brain
Builds a searchable knowledge base from GitHub repositories and PDF articles for AI agents and assistants.
smartapi-mcp
Creates Model Context Protocol (MCP) servers for APIs registered in the SmartAPI registry, with a focus on bioinformatics and life sciences APIs.
fastsearch-mcp
Provides lightning-fast file search capabilities on Windows by directly accessing the NTFS Master File Table, integrated with Claude Desktop.
mcp-server
Universal MCP server providing intelligent assistance for KrakenD API Gateway configuration validation, security auditing, and configuration generation.