orla
Verified Safe
by dorcha-inc
Overview
Orla acts as a runtime for Model Context Protocol (MCP) servers, enabling the execution of lightweight open-source AI agents and command-line tools locally.
Installation
orla serve
Environment Variables
- OLLAMA_HOST
- ORLA_OLLAMA_HOST
- ORLA_PORT
- ORLA_MODEL
- ORLA_QUIET
- NO_COLOR
- ORLA_NO_COLOR
Security Notes
The server's core functionality involves executing arbitrary user-defined tools from the filesystem. While `os.OpenRoot` is used to prevent path traversal when loading manifests and parsing shebangs within tool directories, there is no built-in sandboxing for the tools themselves. This means a malicious or improperly configured tool could potentially perform actions outside its intended scope on the host machine. The `SECURITY.md` explicitly states: 'orla executes tools from the filesystem. Ensure tools are from trusted sources.' When running in HTTP mode, there is no built-in authentication, requiring users to manage network-level access and firewall rules if exposed. No hardcoded secrets were identified.
Similar Servers
mcpm.sh
MCPM is a command-line tool for managing Model Context Protocol (MCP) servers, enabling discovery, installation, execution, sharing, and integration with various MCP clients.
mcp-filesystem-server
Provides secure and controlled access to the local filesystem via the Model Context Protocol (MCP) for AI agents and other applications.
mcp-k8s-go
This MCP server enables interaction with Kubernetes clusters to list, get, apply, and execute commands on various resources through a conversational interface.
k8s-mcp-server
Interacts with Kubernetes clusters and Helm releases through a standardized Model Context Protocol (MCP) interface.