wechat-robot-mcp-server
by hp0912
Overview
This server acts as a Model Context Protocol (MCP) gateway, integrating various AI capabilities (image recognition, TTS, image/video generation, chat summarization, personality analysis) and WeChat-specific functions (song requests, emoji extraction, group management) for a WeChat robot.
Installation
go run .
Environment Variables
- MCP_SERVER_PORT
- MYSQL_HOST
- MYSQL_PORT
- MYSQL_USER
- MYSQL_PASSWORD
- GO_ENV
Security Notes
CRITICAL vulnerability identified: The `buildDSNForRobot` function constructs a MySQL DSN using `robotCode` directly as the database name. If `robotCode` can be controlled or influenced by an attacker, this allows for database name injection, potentially enabling access to arbitrary databases on the MySQL server or causing denial of service by repeatedly attempting to connect to non-existent databases. Additionally, the server makes external HTTP requests to various AI service providers (e.g., OpenAI, Doubao, Jimeng, GLM, Hunyuan) and a music API (`api.cenguigui.cn`). While parameters are typically encoded, the reliability and security of these third-party services are external dependencies. AI API keys and other sensitive settings are stored in the database, requiring robust database security. No 'eval' or obvious obfuscation detected.
Similar Servers
wecom-bot-mcp-server
An MCP server that enables AI assistants to send various message types, files, and images to WeCom (WeChat Work) groups, supporting single or multiple bot configurations.
mcp-notify
A Model Context Protocol (MCP) server designed to send messages and notifications across various platforms like WeWork, DingTalk, Telegram, Lark, Home Assistant, Bark, Ntfy, and PushPlus.
WeChat-MCP
Automate WeChat interactions on macOS for LLMs, enabling programmatic control over chat, contact management, and Moments (social feed) publishing via accessibility APIs and screen capture.
wechat-official-account-mcp
Provides a Model Context Protocol (MCP) service to enable AI applications to interact with WeChat Official Account APIs, managing features like authentication, media, drafts, and publishing.