ironmanus-mcp

The project demonstrates strong, explicit, and multi-layered security measures. SSRF protection (`ssrfGuard`, `validateAndSanitizeURL`) is consistently applied to network requests and session IDs. Python execution is sandboxed (`validatePythonCode` blocks dangerous functions) and `pip install` uses an allowlist (`ALLOWED_LIBRARIES`). Path traversal is prevented for file system operations via `isValidSessionId`. An active runtime protection system (`startLegacyFileProtection`) removes legacy JSON files. Configuration validation (`validateConfig`) checks critical security settings in production. No obvious hardcoded secrets were found. The primary remaining risk is the inherent trust boundary of `subprocess.check_call` for `pip install` even with an allowlist, as a malicious package could potentially bypass checks if it made it into a mirror.