bellwether
Verified Safe
by dotsetlabs
Overview
Interviews MCP (Model Context Protocol) servers to generate behavioral documentation, perform API testing, and detect behavioral drift.
Installation
npx bellwether
Environment Variables
- OPENAI_API_KEY
- ANTHROPIC_API_KEY
- OLLAMA_BASE_URL
- BELLWETHER_CLOUD_API_BASE_URL
- BELLWETHER_SESSION
Security Notes
The project demonstrates good security practices such as filtering sensitive environment variables before spawning subprocesses (`MCPClient.filterEnv`) and using secure YAML parsing (`parseYamlSecure`) to mitigate injection risks. Baseline loading also uses Zod schema validation to guard against malicious JSON. However, as an 'interviewing' tool, it inherently processes potentially untrusted outputs from MCP servers. A notable 'eval' function is present in `test/fixtures/mock-mcp-server.ts`, which is concerning but confined to test code. The `resolvePath` in `WorkflowExecutor` traverses object paths, which is generally safe, but complex parsing logic always carries some inherent risk of unexpected behavior with malformed inputs.
Similar Servers
mcp-openapi-server
A Model Context Protocol (MCP) server that exposes OpenAPI endpoints as MCP tools, along with optional support for MCP prompts and resources, enabling Large Language Models to interact with REST APIs.
mcp-interviewer
A Python CLI tool to evaluate Model Context Protocol (MCP) servers for agentic use-cases, by inspecting capabilities, running functional tests, and providing LLM-as-a-judge evaluations.
mcp-use-cli
An interactive command-line interface (CLI) tool for connecting to and interacting with Model Context Protocol (MCP) servers using natural language, acting as an AI client that orchestrates LLM responses with external tools.
mcp-server-dump
A command-line tool to extract, analyze, and document the capabilities (tools, resources, prompts) of MCP (Model Context Protocol) servers in various formats, including Markdown, JSON, HTML, PDF, and Hugo sites.