ro-crate-mcp-server
Verified Safe
by johannehouweling
Overview
Server for indexing and querying Research Object Crates (RO-Crates) using pluggable storage backends, with keyword and semantic search capabilities.
Installation
python -m rocrate_mcp.main
Environment Variables
- ROC_MCP_INDEX_MODE
- ROC_MCP_STORAGE_BACKEND
- ROC_MCP_BACKEND
- ROC_MCP_FILESYSTEM_ROOT
- ROC_MCP_FILESYSTEM_ROOT_PREFIX
- ROC_MCP_FILESYSTEM_DEFAULT_SUFFIXES
- ROC_MCP_AZURE_CONNECTION_STRING
- ROC_MCP_AZURE_CONTAINER
- ROC_MCP_HTTP_BASE_URL
- ROC_MCP_HTTP_ROOT_PREFIX
- ROC_MCP_HTTP_DEFAULT_SUFFIXES
- ROC_MCP_HTTP_TIMEOUT
- ROC_MCP_INDEXED_DB_PATH
- ROC_MCP_FIELDS_TO_INDEX
- ROC_MCP_EMBEDDINGS_PROVIDER
- ROC_MCP_EMBEDDINGS_API_KEY
- ROC_MCP_EMBEDDINGS_MODEL_NAME
Security Notes
The codebase demonstrates good security practices for preventing common vulnerabilities: `pydantic-settings` with `SecretStr` is used for sensitive environment variables like API keys. Filesystem and HTTP storage backends include explicit path traversal prevention checks. The zip file extraction utility (`zip_reader.py`) also safely extracts members, mitigating 'zip slip' vulnerabilities. SQL queries in `sqlite_store.py` use parameter binding to prevent SQL injection. The custom query parser and FTS interaction appear to correctly use parameterized queries for SQLite FTS, reducing injection risk. No `eval` or direct shell command execution with unsanitized user input was observed.
Similar Servers
Archive-Agent
An intelligent file indexer with powerful AI search (RAG engine), automatic OCR, and a seamless MCP interface to unlock documents with natural language.
mcp-raganything
Provides a FastAPI REST API and MCP server for Retrieval Augmented Generation (RAG) capabilities, integrating with the RAG-Anything and LightRAG libraries for multi-modal document processing and knowledge graph operations.
rust-code-mcp
Semantic code search, navigation, and analysis for Rust codebases, integrating with an MCP client.
PairOfCleats
Codebase analysis and intelligence server, providing indexing, search, risk analysis, and vulnerability triage capabilities.