xc-mcp
Verified Safeby ericvoltolin
Overview
LLM-optimized wrapper for Xcode CLI tools, summarizing verbose outputs to reduce token usage in AI-assisted development workflows.
Installation
npm startEnvironment Variables
- XC_MCP_CACHE_DIR
Security Notes
The server executes external `xcodebuild` and `simctl` commands via `child_process.exec`. While arguments like `projectPath`, `scheme`, and `destination` are enclosed in double quotes during command construction, `child_process.exec` does not automatically sanitize all shell metacharacters (e.g., command substitution like `$(command)`). The internal `escapeShellArg` utility is defined but not used by `buildXcodebuildCommand` and `buildSimctlCommand`. This leaves a potential command injection vulnerability if user-provided input for parameters (e.g., `destination`, `deviceId`, `scheme`) is not robustly sanitized by the calling client or if malicious strings bypass existing validation checks. Communication via `StdioServerTransport` reduces network exposure but does not eliminate input-based injection risks. No obvious hardcoded secrets or obfuscation found.
Similar Servers
XcodeBuildMCP
Provides an MCP (Model Context Protocol) server for AI agents and other clients to programmatically build, test, run, and debug iOS and macOS applications, manage simulators/devices, and capture logs.
osaurus
Osaurus is an AI edge runtime for macOS, enabling users to run local and cloud AI models, orchestrate tools via the Model Context Protocol (MCP), and power AI applications and workflows on Apple Silicon.
xc-mcp
Provides an intelligent MCP server for Xcode and iOS simulator workflows, optimized for AI agents to automate iOS development and testing tasks efficiently.
AppleFoundationMCPTool
Dynamic bridging between Apple's Foundation Models/AnyLanguageModel and external Model Context Protocol (MCP) servers for tool execution.