uipath-mcp-server
by javaos74
Overview
UiPath Model Context Protocol (MCP) Server with a Web UI for managing multiple MCP endpoints and integrating with UiPath processes for automation.
Installation
docker run -p 8000:8000 uipath-mcp-server:latestEnvironment Variables
- API_HOST
- API_PORT
- DB_PATH
- SECRET_KEY
- TOOL_CALL_TIMEOUT
- UIPATH_URL
- UIPATH_ACCESS_TOKEN
- UIPATH_OAUTH_SCOPE
- UIPATH_TENANT_NAME
Security Notes
CRITICAL VULNERABILITIES: 1. SSL Verification Disabled: The system defaults to `verify=False` for HTTPX requests when connecting to non-UiPath Cloud URLs, which is a critical vulnerability for Man-in-the-Middle (MITM) attacks. While this might be a workaround for self-signed certificates in on-premise environments, it should be configurable and ideally use a trusted certificate store. 2. Weak Default Secrets: A hardcoded default `SECRET_KEY` is used for JWT token signing if not overridden by an environment variable, making JWT tokens easily forgeable. Similarly, a default `admin`/`admin` user is created on first startup, exposing the system to immediate compromise if left unchanged. Other concerns include: non-expiring API tokens and support for passing tokens in URL query parameters, which is less secure.
Similar Servers
mcpo
Exposes Model Context Protocol (MCP) tools as OpenAPI-compatible HTTP servers.
context-engineering
Provides a Model Context Protocol (MCP) server that enables AI agents to control a web browser using Selenium for web automation tasks.
azure-devops-mcp-server
Exposes Azure DevOps operations as tools for AI assistants, enabling AI agents to automate tasks like creating work items, managing pull requests, and queuing builds.
mcp-compose
This server provides a robust example of OAuth2 authentication for MCP (Model Context Protocol) servers, using GitHub as the identity provider. It demonstrates secure multi-server management, protocol translation, and integration with AI agents for tool invocation.