onemcp

CRITICAL RISK: The server is designed to execute external commands directly from its configuration file (`mcpServers[name].command` and `mcpServers[name].args`) using `os/exec.Command`. This represents a severe remote code execution vulnerability if an attacker can modify the `.onemcp.json` configuration or provide a malicious configuration. Additionally, the LLM search functionalities for 'claude', 'codex', and 'copilot' also invoke external CLI tools (`claude`, `codex`, `copilot`) using `os/exec.Command`. For Claude and Codex, it explicitly uses `--dangerously-skip-permissions` and `--dangerously-bypass-approvals-and-sandbox` flags, which disable critical security measures of those CLI tools, significantly increasing the risk of unintended actions or data leakage if those CLIs are exploited or misused. There are no clear input sanitization or sandboxing mechanisms observed for these command executions. Due to these factors, the server is NOT safe to run in environments where configurations or external tool interactions can be influenced by untrusted sources.