fathom-mcp

The server explicitly states and is designed with **no built-in authentication for HTTP transport**, strongly recommending external solutions like reverse proxies (Caddy, Nginx, Traefik) with authentication or VPNs (Tailscale, WireGuard) for production deployments. This is a critical design decision requiring user action for security. It implements robust **path traversal prevention** (`FileAccessControl`) and **filter command validation** (`FilterSecurity`) to prevent malicious execution or access outside the knowledge root. All filter commands (e.g., `pdftotext`, `pandoc`) are whitelisted by default, and `subprocess.run(shell=True)` is used conditionally and only for pre-validated commands with shell operators, reducing the risk of command injection. CORS handling includes checks against wildcard origins in production environments. Overall, the security model is well-documented and thoughtfully implemented for its specific purpose, but its external authentication dependency is a key factor.