mcp-server-for-apache-ofbiz
by jacopoc
Overview
Serves as a Model Context Protocol (MCP) gateway, enabling generative AI applications to interact with backend systems like Apache OFBiz through dynamically loaded tools and RESTful APIs.
Installation
node ./build/server.js ./config ./build/toolsSecurity Notes
The server dynamically loads tools from a configurable `toolsFolderPath` using `await import(toolPath)`, which poses a significant Remote Code Execution (RCE) risk if an attacker can write to this directory or if the folder is not strictly controlled. The default CORS origin in `config.json` is set to `*`, which should be restricted for production. Sensitive tokens and client secrets (`BACKEND_ACCESS_TOKEN`, `MCP_SERVER_CLIENT_ID`, `MCP_SERVER_CLIENT_SECRET`) are stored in `config.json` (as updated by `update_token.sh`), which is less secure than using environment variables or a dedicated secrets manager. Additionally, the `openid-client` library uses `allowInsecureRequests` for discovery, which could introduce a risk if the configured authorization server URL is not HTTPS.
Similar Servers
mcpo
Exposes Model Context Protocol (MCP) tools as OpenAPI-compatible HTTP servers.
mcp
This repository provides a collection of Model Context Protocol (MCP) servers to enable AI agents to interact with and manage various Oracle Cloud Infrastructure (OCI) services, Oracle Database, and MySQL databases through natural language.
mcp-servers
A curated collection of Model Context Protocol (MCP) server configurations to integrate various developer tools and services with AI agents.
tmcp
A server implementation for the Model Context Protocol (MCP) to enable LLMs to access external context and tools.