php-mcp-server
Verified Safeby dv-team
Overview
A simple PHP-based MCP Server (JSON-RPC) for handling immediate requests, adaptable for database, prompt, and filesystem tasks.
Installation
php -S 127.0.0.1:8080 public/index.phpSecurity Notes
The server demonstrates good practices for JSON-RPC parsing by using JSON_THROW_ON_ERROR and includes explicit checks for property existence and type validation for incoming parameters. It uses a PSR-3 Logger for debugging/error logging, and custom exception handling. The default HTTP binding is to localhost (127.0.0.1), limiting network exposure. No direct 'eval' or 'shell_exec' are present. The primary security consideration for a system like this, not directly visible in the provided code, would be how tools and prompts are registered. If the registration process were exposed to untrusted input, it could lead to arbitrary code execution via the 'handler' callables. However, based on the provided code, registration happens programmatically within the application code, not through user-controlled input.
Similar Servers
php-mcp
Facilitates communication and integration between LLM applications and external data sources or tools by implementing the Model Context Protocol (MCP).
php-mcp-sdk
A PHP SDK for building Model Context Protocol (MCP) servers that expose AI capabilities (tools, prompts, sampling) and data resources to clients, facilitating AI agent orchestration and structured human-AI interaction.
mcp-server
A Hyperf-based server implementation of the Model Context Protocol (MCP) to manage and serve AI tools, resources, and prompts.
tinystruct-mcp
A modular Java server providing a JSON-RPC interface for file system and Git/GitHub operations, aimed at automation and DevOps workflows.