ProDisco
Verified Safeby harche
Overview
Enables AI agents to interact with Kubernetes clusters and perform Prometheus metrics analysis through a progressively disclosed, sandboxed TypeScript execution environment.
Installation
npx -y @prodisco/k8s-mcpEnvironment Variables
- KUBECONFIG
- K8S_CONTEXT
- PROMETHEUS_URL
- SANDBOX_USE_TCP
- SANDBOX_TCP_HOST
- SANDBOX_TCP_PORT
- LOG_LEVEL
Security Notes
The sandbox execution environment is well-implemented, using Node.js `vm` module with explicit whitelisting of global objects and `require()` calls to prevent arbitrary code execution outside of specified modules (`@kubernetes/client-node`, `prometheus-query`). Filesystem access for script caching and generated type definitions includes path sanitization to prevent directory traversal. Execution is bound by a configurable timeout. The primary risk lies in the agent's ability to perform actions on the Kubernetes cluster and query Prometheus, with permissions dictated by the `KUBECONFIG` and `PROMETHEUS_URL` provided to the MCP server. `process.env` is exposed inside the sandbox, which could be a vector for sensitive environment variable leakage if unexpected secrets are present.
Similar Servers
cupertino
Local Apple Developer documentation crawler and Model Context Protocol (MCP) server for AI agents, providing offline access and structured API information.
mcp-server-infranodus
Integrates InfraNodus knowledge graph and text network analysis capabilities into LLM workflows and AI assistants for advanced text analysis, content gap detection, and SEO optimization.
mcp-server-computer
This server acts as a Spring AI MCP Server component to provide cross-platform computer configuration information (OS, user, Java, and platform-specific details) to an AI agent.
meds-mcp
Provides a medical context protocol (MCP) server and a React-based chat interface for interacting with patient records via LLMs and medical ontologies, facilitating evidence review and patient data exploration.