aria-mcp
by joe-watkins
Overview
Provides comprehensive access to the W3C WAI-ARIA specification for accessibility professionals, developers, and AI agents to query ARIA roles, states, properties, and accessibility requirements.
Installation
npx -y aria-mcpSecurity Notes
The `scripts/parse-aria-spec.js` script uses `new Function('return ' + jsonMatch[1])()` to parse JavaScript files (`roleInfo.js`) obtained from the W3C ARIA Git submodule. While this occurs during a data parsing/build step and not the live server's runtime, and is meant for an ostensibly trusted W3C data source, executing code via `new Function()` with content from an external source (even a submodule) is a high-risk pattern. If the W3C ARIA repository were compromised or if a user were to run `npm run parse` on untrusted data, this could lead to arbitrary code execution. The runtime MCP server itself (`src/index.js`, `src/tools.js`) appears safer as it primarily performs lookups on the pre-generated static JSON data, but the build process introduces a significant vulnerability.
Similar Servers
brightdata-mcp
Enables AI agents to access, search, extract, and navigate the live web in real-time without being blocked.
mcp
This server provides Hyperbrowser's Model Context Protocol (MCP) interface, offering tools for web scraping, structured data extraction, crawling, and general-purpose browser automation using AI agents like OpenAI's CUA and Anthropic's Claude Computer Use.
apple-rag-mcp
Provides a comprehensive RAG (Retrieval-Augmented Generation) server for AI agents to search and retrieve content from Apple's developer documentation and WWDC transcripts.
blueprint-mcp
Enable AI assistants and coding agents to control and automate real web browsers (Chrome, Firefox, Opera) through a browser extension, maintaining logged-in sessions and avoiding bot detection.