MCP-CodeV
by eddie-rembrandt
Overview
A Model Context Protocol (MCP) server enabling Claude AI to access, analyze, and work with local Code V optical design scripts and PDF documentation.
Installation
node build/index.jsEnvironment Variables
- CODEV_DIR
- PDF_DIR
Security Notes
The server's communication relies on local stdio, mitigating network-based attack vectors. However, a critical vulnerability exists: the server's tool handlers (e.g., `read_codev_file`, `analyze_codev_syntax`, `read_pdf_content`, `search_codev_commands`) do not sanitize the `filename` argument. This allows for directory traversal attacks, enabling a malicious prompt or user to request and read arbitrary files outside the configured `CODEV_DIR` and `PDF_DIR` (e.g., `/etc/passwd` or sensitive user files). While the architecture document mentions path sanitization, it is not implemented in the provided `src/index.ts`. The PDF text extraction is basic and might struggle with complex PDFs, but this is a functionality limitation rather than an immediate security risk. The server is designed to be read-only, preventing file modification.
Similar Servers
mcp-server-code-execution-mode
This server enables LLM agents to execute Python code in a highly secure, isolated container environment, facilitating complex multi-tool orchestration and data analysis with minimal LLM context token usage.
mcp-code-exec-python
Provides a Model Context Protocol (MCP) server for executing arbitrary Python code with optional package installations, supporting HTTP, SSE, and STDIO transports.
devtools-debugger-mcp
Facilitate debugging of Node.js applications by exposing Chrome DevTools Protocol capabilities via an MCP server.
shell-exec-mcp
Provides a Model Context Protocol (MCP) server for executing arbitrary bash commands, supporting both foreground execution with timeouts and background job management.