red_teaming_mcp_server
by jainsleyrod
Overview
Provides file system access, web content fetching, Git repository interaction, time utilities, memory management via a knowledge graph, and sequential thinking capabilities for LLMs.
Installation
npx -y @modelcontextprotocol/server-filesystem ${workspaceFolder}
Security Notes
The `everything` server (part of this repository) includes a `printEnv` tool that exposes *all* environment variables, posing a critical information disclosure vulnerability. The `fetch` server explicitly warns about the ability to access local/internal IP addresses, creating a high-risk Server-Side Request Forgery (SSRF) vector. While the `filesystem` server (the primary focus of the provided README) implements robust path validation and atomic file operations to mitigate path traversal and symlink attacks, the presence of these other components in the same repository, often deployed together, severely compromises the overall security posture. The `git` server also takes `repo_path` as an argument without explicit validation against a server-side allowed-roots list, which could allow access to arbitrary repositories. The `memory` server's persistence path can be overridden by an environment variable, which, if misconfigured, could lead to arbitrary file creation or overwrite.
Similar Servers
vaer
Provides high-level, LLM-friendly weather tools and Norwegian place name resolution backed by MET Norway's Weather API via a proxy, designed for MCP-compatible clients.
codebase-context-mcp
An MCP server that provides AI agents with deep, context-aware understanding of a codebase's patterns, libraries, conventions, and architecture for generating more accurate and relevant code.
KM-remote-mcp-server
AI-powered expense management assistant that helps users track, summarize, and manage their personal expenses through natural language interactions.
RemoteMCPServer
Provides an HTTP API for programmatic web searching using the Tavily search engine.