sharp-mcp
Verified Safeby greatSumini
Overview
This MCP server provides image session management and processing capabilities for AI coding assistants, enabling tasks like metadata extraction, color picking, background removal, cropping, and compression.
Installation
npx -y sharp-mcpSecurity Notes
The server can handle user-provided file paths for reading and writing images (`create_session_by_path`, `compress_image`, `extract_region`, `remove_background`). While `validateAbsolutePath` is used to prevent relative path traversal, the server's underlying process permissions will determine the extent of potential file system access an attacker could exploit if they gain control over the `output_path`. Storing base64 images in memory sessions, and performing CPU/memory intensive operations like background removal, cropping, and compression, poses a potential Denial-of-Service (DoS) risk if not adequately rate-limited or resource-managed at a higher layer. The ML model files (10-50MB) for background removal are downloaded and cached on first use, which introduces a supply chain risk if the source of these models were compromised. No hardcoded secrets or 'eval' were found in the provided code.
Similar Servers
cclsp
Integrate LLM-based coding agents with Language Server Protocol (LSP) servers to enable robust code navigation, symbol resolution, and refactoring across various programming languages.
mcp-execution
Transforms any Model Context Protocol (MCP) server into executable, type-safe TypeScript tools for AI agents, enabling progressive loading and achieving significant token savings.
fsi-mcp-server
Provides a Model Context Protocol (MCP) server wrapper for F# Interactive (FSI) to enable AI-assisted development workflows with programmatic access to FSI sessions.
nanobanana-api-mcp
An MCP server providing image generation and editing capabilities via the Google Gemini API, integrable with various AI coding assistants and IDEs.