swift-mcp

The project uses `child_process.execSync` and `child_process.exec` to run external tools like `playwright` and `patreon-dl` for its *optional* premium Patreon integration. This includes launching a browser to extract session cookies and downloading content. While justified for its intended functionality (accessing Patreon content which lacks a direct API for content download), executing external commands carries inherent security risks, such as potential command injection if inputs were not perfectly sanitized (though not evident in the provided code) or vulnerabilities in the external tools themselves. Sensitive session cookies are written to a local file (`.patreon-session`) which, while used by a trusted local dependency, is less secure than `keytar` which is used for OAuth tokens. Users should be aware of these risks before enabling Patreon integration, and ensure their environment is secure.