elenchus-mcp
by jhlee0409
Overview
An MCP server that performs adversarial code verification through a Verifier-Critic debate loop to systematically find issues in codebases.
Installation
npx -y @jhlee0409/elenchus-mcpEnvironment Variables
- ELENCHUS_DATA_DIR
Security Notes
The `getGitDiff` function in `src/diff/git.ts` uses `child_process.exec` with a user-controlled `baseRef` parameter (`git diff --name-status ${baseRef}`), which is a potential command injection vulnerability if `baseRef` is not properly sanitized. There's also a risk of arbitrary file reads via `src/state/context.ts`'s `readFileWithCache` where `filePath` might be influenced by user input, potentially leading to information disclosure. Direct `JSON.parse` operations on LLM responses (e.g., in `src/tools/dynamic-roles.ts` and `src/tools/llm-eval-tools.ts`) occur before full Zod validation on the parsed content, which could be exploited with a specially crafted malformed JSON for denial-of-service, though this risk is mitigated by LLM's typical outputs.
Similar Servers
deep-code-reasoning-mcp
An AI agent system for deep code analysis and reasoning, likely leveraging large language models (LLMs).
context-engine
Provides an agent-agnostic local context engine via Model Context Protocol (MCP) for coding agents, enabling semantic search, planning, code review, and prompt enhancement with AI integration.
ast-mcp-server
Provides an MCP (Model Context Protocol) server for code structure and semantic analysis using ASTs and ASGs, integrated with external AI clients like Claude Desktop.
codebase-context
Provides AI coding agents with real-time, context-rich insights into a codebase's patterns, libraries, architecture, and conventions to improve code generation quality and alignment with team standards.