xrootd-mcp-server
by eic
Overview
The server enables LLMs to interact with XRootD file systems for scientific data access, management, and ROOT file analysis, particularly for the Electron-Ion Collider (EIC) project data.
Installation
XROOTD_SERVER="root://dtn-eic.jlab.org" node build/src/index.jsEnvironment Variables
- XROOTD_SERVER
Security Notes
CRITICAL: The server is highly vulnerable to command injection. User-provided `path` arguments (and other string arguments used in shell commands) are directly interpolated into `execAsync` calls for `xrdfs` and `xrdcp` without proper shell escaping. This allows a malicious user or LLM to inject arbitrary shell commands (e.g., `list_directory({ path: ".; rm -rf /" })`) that will be executed on the host machine where the MCP server is running. While there is path traversal protection (preventing `../`), this does not mitigate command injection within valid path segments. No hardcoded secrets were found.
Similar Servers
tmcp
A server implementation for the Model Context Protocol (MCP) to enable LLMs to access external context and tools.
irods-mcp-server
Provides a Machine-Controlled Process (MCP) server for AI clients to access and manage data within iRODS data stores.
fusion-mcp
An MCP server for Autodesk Fusion 360, enabling data management, export, design automation, and webhooks interactions via a standardized protocol, deployed on Cloudflare Workers.
dora-mcp-server
Provides a server implementation for a Multi-Client Protocol (MCP), likely for managing multiple client connections or game interactions.