mcp-browse-me
by gmunumel
Overview
A simple Model Context Protocol (MCP) 'Hello World' application demonstrating basic client-server communication with an AI agent capable of using tools and maintaining state.
Installation
uvicorn src.api.main:app --reload --host 0.0.0.0 --port 3000
Environment Variables
- DATABASE_URL
- OPENAI_API_KEY
- CHROMA_HOST
- CHROMA_PORT
Security Notes
CRITICAL: The `query_database` tool, exposed directly via the `/actions` API endpoint and callable by the agent, executes whatever SQL string it is handed, with no validation and no parameterisation. Any caller of `/actions`, and any input that steers the agent into calling the tool, can therefore run arbitrary queries against the database configured in `DATABASE_URL`; this is a severe SQL injection exposure. Similarly, the `browse_files` tool accepts an arbitrary path with no confinement to a base directory, so it can be used to enumerate and expose local files. Loading `DATABASE_URL` and `OPENAI_API_KEY` from `.env` keeps the secrets out of the source, but it does nothing to validate tool arguments supplied by untrusted users or generated by the agent. Note also that the suggested uvicorn command binds to `0.0.0.0`, so these endpoints are reachable from every network interface rather than only from localhost.
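The two weaknesses above, as an added example that is not the project's code: the unsafe pattern (the tool argument is executed or opened as-is) beside a hardened variant that only runs allowlisted, parameterised queries and confines file browsing to a base directory. The tool names `query_database` and `browse_files` come from the page; their signatures, the `users` table, the `ALLOWED_QUERIES` map and the temporary-directory fixture are assumptions made for the demonstration.

```python
import sqlite3
import tempfile
from pathlib import Path

# Assumed allowlist: the caller names a query, never writes one.
# Values travel only as bound parameters (the :name placeholder).
ALLOWED_QUERIES = {
    "user_by_name": "SELECT id, name FROM users WHERE name = :name",
    "count_users": "SELECT COUNT(*) FROM users",
}


def build_demo_db():
    """Constructed in-memory fixture (assumed schema, not the project's)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, api_key TEXT)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "sk-alice"), (2, "bob", "sk-bob")],
    )
    return conn


def query_database_unsafe(conn, sql):
    """The pattern the Security Notes describe: the tool argument *is* the SQL.
    A caller can read api_key, DROP TABLE, or anything else the DB user may do."""
    return conn.execute(sql).fetchall()


def query_database_safe(conn, query_name, params=None):
    """Hardened: unknown query names are rejected, and user-controlled values
    are bound as parameters, so quoting tricks cannot change the statement."""
    sql = ALLOWED_QUERIES.get(query_name)
    if sql is None:
        raise ValueError(f"query {query_name!r} is not allowlisted")
    return conn.execute(sql, params or {}).fetchall()


def make_demo_tree():
    """Constructed fixture: a sandbox directory with one file outside it."""
    root = Path(tempfile.mkdtemp())
    (root / "secret.txt").write_text("outside the sandbox")
    base = root / "sandbox"
    (base / "docs").mkdir(parents=True)
    (base / "docs" / "readme.txt").write_text("inside the sandbox")
    return base


def is_within(base_dir, requested):
    """True only if `requested`, after resolving `..` segments, absolute paths
    and symlinks, still lies inside `base_dir`."""
    base = Path(base_dir).resolve()
    target = (base / requested).resolve()
    return target == base or base in target.parents


def browse_files_unsafe(path):
    """The pattern the Security Notes describe: any path the caller names."""
    return sorted(p.name for p in Path(path).iterdir())


def browse_files_safe(base_dir, requested):
    """Hardened: refuse anything that escapes the configured base directory."""
    if not is_within(base_dir, requested):
        raise PermissionError(f"{requested!r} resolves outside {base_dir}")
    target = (Path(base_dir) / requested).resolve()
    return sorted(p.name for p in target.iterdir())


if __name__ == "__main__":
    conn = build_demo_db()
    print(query_database_unsafe(conn, "SELECT api_key FROM users"))  # leaks keys
    print(query_database_safe(conn, "user_by_name", {"name": "alice' OR '1'='1"}))  # []
    base = make_demo_tree()
    print(browse_files_unsafe(base.parent))  # ['sandbox', 'secret.txt']
    try:
        browse_files_safe(base, "..")
    except PermissionError as exc:
        print("rejected:", exc)
```

The safe variants move the decision about *what* may run out of the model's hands: the agent or user picks from a fixed menu and supplies values, never SQL text or an unconstrained path. Resolving the path before the containment check is what defeats `..` sequences, absolute paths and symlinks pointing outside the sandbox.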
Similar Servers
agents-mcp-usage
This repository demonstrates the integration of a Model Context Protocol (MCP) server with various AI agent frameworks, showcasing agent communication and operation within a shared context.
Sample-MCP-client-and-Server
A minimal example of an MCP (Model Context Protocol) server and client demonstrating basic tool exposure and invocation.
mcp-basics
A minimal example of building an MCP client and server in Python for connecting AI models to external tools and data, demonstrating AI agent capabilities.
MCP-client-server
This repository demonstrates an interactive client-server application built using the Model Context Protocol (MCP) SDK, allowing users to interact with AI-powered tools, resources, and prompts, primarily for data management and generative AI tasks.