bike-mcp-server
Verified Safe
by hildersantos
Overview
This server allows AI assistants to programmatically interact with the Bike outliner app on macOS, enabling reading and manipulation of outline documents.
Installation
node dist/index.js
Security Notes
The server uses `child_process.execSync` to execute AppleScript commands, which inherently carries a risk of command injection if inputs are not perfectly sanitized. The code attempts to mitigate this by escaping user-provided strings for AppleScript literals (e.g., handling quotes, newlines, backslashes) and validating row IDs with a regex. However, the complexity of AppleScript escaping and the direct use of `osascript` in a shell context mean that a subtle vulnerability in the escaping logic or in the Bike app's AppleScript interface could potentially lead to local command execution. Because the server is local-only and relies on specific app integration, the immediate remote attack surface is limited, but local privilege escalation or unintended actions are a possibility.
Similar Servers
mcp-server-macos-use
An AI agent designed to control a macOS computer using OS-level tools, compatible with the Model Context Protocol (MCP).
bb-applescript-mcp-server
Enables LLM clients to automate macOS applications using AppleScript, providing predefined tools for Finder and BBEdit, and supporting custom plugin development.
MCP-server-client-computer-use-ai-sdk
Provides an AI-driven interface to control a macOS computer by automating tasks through accessibility features and a conversational agent loop.
omnifocus-mcp
Interact with and manage OmniFocus tasks, projects, folders, and tags on macOS, including UI navigation and comprehensive filtering.