red_teaming_mcp_server

The `everything` server (part of this repository) includes a `printEnv` tool that exposes *all* environment variables, posing a critical information disclosure vulnerability. The `fetch` server explicitly warns about the ability to access local/internal IP addresses, creating a high-risk Server-Side Request Forgery (SSRF) vector. While the `filesystem` server (the primary focus of the provided README) implements robust path validation and atomic file operations to mitigate path traversal and symlink attacks, the presence of these other components in the same repository, often deployed together, severely compromises the overall security posture. The `git` server also takes `repo_path` as an argument without explicit validation against a server-side allowed roots list, which could allow access to arbitrary repositories. The `memory` server's persistence path can be overridden by an environment variable, which if misconfigured, could lead to arbitrary file creation/overwrite.