codemoder
Verified Safeby diodeinc
Overview
Acts as an MCP proxy to enable AI models to write and execute JavaScript code, allowing them to chain multiple tool calls in a single execution.
Installation
./target/release/codemoder ./my-mcp-serverSecurity Notes
The core functionality of codemoder is to execute arbitrary JavaScript code provided as input to its `execute_tools` tool. This is achieved using the `rquickjs` (QuickJS) runtime and its `eval` equivalent. While `rquickjs` generally provides a sandboxed environment, the JavaScript code has direct access to call any of the downstream MCP server's tools via the `tools` object. This design inherently poses a significant security risk: if a malicious actor or a compromised AI model provides malicious JavaScript code, it could execute arbitrary commands or logic through the downstream tools on the host system where codemoder is running. It is critical to only feed code from trusted sources.
Similar Servers
compound-mcp-server
Provides a Model Context Protocol (MCP) server for interacting with Groq models, including compound/meta models, exposing tools for real-time information and code execution capabilities from the Groq AI.
mcp-framework
A Rust framework for building AI agents with built-in Model Context Protocol (MCP) support, multi-LLM integration, and a web-based inspector for debugging.
skillz
Skillz enables AI agents to dynamically build, manage, and execute custom tools at runtime using WebAssembly and scripts, with features like persistent memory, Docker service orchestration, and external MCP server integration.
codex-mcp-rs
This server acts as an MCP (Model Context Protocol) wrapper for the Codex CLI, enabling AI-assisted coding tasks through compatible clients like Claude Code.