MCP-Servers
by dwpdkp
Overview
Provides AI assistants with tools to download YouTube videos and audio using the yt-dlp utility.
Installation
python main.pyEnvironment Variables
- YT_DLP_PATH
- DEFAULT_DOWNLOAD_DIR
Security Notes
CRITICAL: The tools 'download_youtube_video' and 'download_youtube_audio' accept a 'url' parameter which is likely passed directly to a `subprocess.run` command that executes `yt-dlp`. Without explicit sanitization of the 'url' and if `shell=True` is used (a common but dangerous pattern), this creates a severe command injection vulnerability. An attacker could craft a malicious URL to execute arbitrary commands on the host system. Additionally, there is no mention of authentication or authorization, implying unauthenticated access to system resources for executing downloads. This lack of access control combined with potential command injection poses a high risk.
Similar Servers
mcp-server-csdn
The server automatically publishes Markdown articles to the CSDN platform, acting as a tool called by a Spring AI agent.
teamToolboxHub
Centralized configuration and management hub for various team utilities and external Model Context Protocol (MCP) servers, facilitating access to services like SonarQube, AWS documentation, Jenkins, and CloudWatch.
mt-data-mcp
A MetaTrader5 (MT5) Market Data Provider offering advanced financial analysis capabilities including price forecasting, volatility estimation, pattern detection, technical indicators, and algorithmic trading decision support.
mcp-server
Unable to determine the use case due to missing repository content.