mcp-app-python
Verified Safe
by ecociel
Overview
Develop and test custom OpenAI (ChatGPT) App Widgets, demonstrating both plain HTML and React-based UI components served by a minimal Python MCP server.
Installation
python server.py
Security Notes
The Python server code (both server.py and server-html.py) appears robust: it handles file reads and HTTP requests without obvious direct vulnerabilities such as `eval` or command injection. The `load_html` function in `server.py` uses string manipulation to inline JS/CSS and move script tags so that the widget can be embedded as a self-contained page; this carries an inherent, albeit small, risk if not perfectly implemented, but it is applied to known build artifacts. Client-side widgets are expected to read `window.openai.toolOutput`; developers should ensure proper sanitization/escaping if rendering dynamic content directly as HTML within the widget. The example React widget uses `JSON.stringify` and direct text injection for the 'pizzaTopping' value, which are generally safe. The client environments (e.g., ChatGPT, MCP Inspector) are expected to sandbox these widgets.
Similar Servers
mcp-servers
A foundational Python project providing basic components and utilities for building modular server-like applications.
MCP-server-
A Python-based server application handling user authentication, data storage, and potentially managing models or file uploads.
mcp-units
Converts cooking measurements (volume, weight, temperature) between common units, designed for integration with MCP-compatible tools and VSCode extensions.
falcon-mcp-server
An ASGI server implementation of the Model Context Protocol (MCP) enabling AI agents to interact with defined tools and resources via JSON-RPC.