mcp-web-client
Verified Safeby hemanth
Overview
A web-based client for the Model Context Protocol (MCP), enabling users to connect to multiple MCP servers, browse tools/resources/prompts, and interact via an AI-powered chat interface.
Installation
npm install && npm run devEnvironment Variables
- GITHUB_CLIENT_ID
- GITHUB_CLIENT_SECRET
- NEXTAUTH_URL
- CF_ACCOUNT_ID
- D1_DATABASE_ID
- CF_API_TOKEN
Security Notes
The server uses `new Function()` for executing JavaScript orchestration code, which, while scoped, is a dynamic code execution method. It also acts as a proxy for user-defined MCP servers and LLM APIs, meaning the backend will make requests to arbitrary external URLs based on user input. This inherent design choice, while necessary for functionality, introduces potential risks like Server-Side Request Forgery (SSRF) or proxy abuse if deployed without proper network-level isolation or rate limiting. OAuth credentials and client registrations are stored in `localStorage` on the client-side, making them vulnerable to Cross-Site Scripting (XSS) attacks if any exist on the site. However, no direct 'eval' or hardcoded secrets were found.
Similar Servers
mcpm.sh
MCPM is a command-line tool for managing Model Context Protocol (MCP) servers, enabling discovery, installation, execution, sharing, and integration with various MCP clients.
example-remote-server
A reference server demonstrating all Model Context Protocol (MCP) features and OAuth 2.0 authentication patterns.
sagemcp
A scalable platform for hosting Multi-tenant Model Context Protocol (MCP) servers with multi-tenant support, OAuth integration, and connector plugins for various services.
mcp-server-playground
A playground and reference implementation for a Model Context Protocol (MCP) server, featuring streamable HTTP transport, OAuth proxy for third-party authorization servers like Auth0, and stateful session management.