mcp-datagovmy
Verified Safeby hithereiamaliff
Overview
Provides AI models access to Malaysia's open government datasets and dashboards, including real-time weather and public transport information, with enhanced search and direct Parquet file parsing capabilities.
Installation
docker compose up -d --buildEnvironment Variables
- PORT
- HOST
- NODE_ENV
- ANALYTICS_DIR
- GOOGLE_MAPS_API_KEY
- GRABMAPS_API_KEY
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
- AWS_REGION
- ANALYTICS_RESET_KEY
Security Notes
A critical security flaw exists: the `/analytics/reset` endpoint is protected by an `ANALYTICS_RESET_KEY` which has a hardcoded default value ('malaysia-opendata-2024') if not set via environment variables. This allows any attacker to reset the server's analytics data. API keys (Google Maps, GrabMaps, AWS) can be passed via URL query parameters or HTTP headers and are then stored in `process.env`. While explicitly supported, this design choice could lead to unexpected behavior or accidental exposure in certain proxy/logging configurations, especially in multi-tenant or multi-session environments. All external API calls use `axios`, and input parameters for tools are validated with `zod`, which helps prevent common injection vulnerabilities within API requests. `execSync` is used in build/deployment scripts, which is acceptable in that context.
Similar Servers
mcpo
Exposes Model Context Protocol (MCP) tools as OpenAPI-compatible HTTP servers.
mcphub
An orchestration hub that aggregates, manages, and routes Model Context Protocol (MCP) servers and their tools, providing a centralized interface, user management, OAuth 2.0 authorization server capabilities, and AI-powered tool discovery and routing.
mcp-servers
A curated collection of Model Context Protocol (MCP) server configurations to integrate various developer tools and services with AI agents.
tmcp
A server implementation for the Model Context Protocol (MCP) to enable LLMs to access external context and tools.