haksnbot-tools
by haksndot
Overview
An MCP server that enables AI (like Claude) to control a Minecraft bot for various in-game actions.
Installation
node src/index.jsEnvironment Variables
- MC_SERVER_ROOT
- MC_HOST
- MC_USERNAME
- MC_PORT
- MC_VERSION
- MC_AUTH
Security Notes
The server uses `child_process.exec` in `src/tools/economy.js` to query a QuickShop H2 database. This command executes `java -cp ... org.h2.tools.Shell -sql "${sql}"`, directly passing SQL as a string. While there's a basic `replace` for double quotes, this method is highly susceptible to SQL injection if an AI agent can control parts of the SQL input. Furthermore, `exec` can potentially lead to arbitrary command execution on the host system if the input can escape the SQL context and inject shell commands. This poses a critical vulnerability. Additionally, sensitive database files are temporarily copied to `/tmp` for read operations, presenting a minor information exposure risk if the host's `/tmp` directory is not secured. Other actions like `bot.chat()` or direct packet writes (`update_sign`) are standard for Minecraft bots but could be abused by an unconstrained AI for in-game griefing.
Similar Servers
minecraft-mcp-server
Enables large language models (LLMs) like Claude to control a Minecraft character as a bot through the Model Context Protocol (MCP), performing various in-game actions.
mcp-discord
Enables AI assistants to interact with the Discord platform by providing a set of Discord-related functionalities via the Model Context Protocol (MCP).
mcp-client-server
A specialized Model Context Protocol (MCP) server designed to act as a testing harness for developing and iterating on other MCP servers within a Claude AI environment.
converse
Orchestrates and exposes various AI tools (chat, multi-model consensus, job management) over the Model Context Protocol, enabling local, persistent, and potentially asynchronous AI interactions across multiple Large Language Model (LLM) providers.