mcp-dual-interface-demo
Verified Safeby jonmatum
Overview
Demonstrates a dual-interface architecture for a Todo application, allowing interaction via a traditional web app and an AI interface (MCP server) powered by shared business logic.
Installation
make startEnvironment Variables
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
- AWS_DEFAULT_REGION
- DYNAMODB_ENDPOINT
Security Notes
The server uses hardcoded 'test' AWS credentials for DynamoDB local, which would be a critical vulnerability if deployed to a real AWS environment without being replaced. The FastAPI backend has a permissive CORS policy (`allow_origins=["*"]`), which is unsafe for production deployment. No obvious `eval()` or direct command injection vulnerabilities were found in the application logic itself. These issues are acceptable for a local demo but require careful remediation for production.
Similar Servers
SageMCP
A scalable platform for hosting MCP servers with multi-tenant support, OAuth integration, and connector plugins for various services, deployed on Kubernetes.
Omnispindle
Omnispindle acts as a coordination layer providing standardized Model Context Protocol (MCP) tools for AI agents to manage todos, capture lessons, and facilitate cross-project coordination within the Madness Interactive ecosystem.
supatask
Manages local tasks, time tracking, and activity logging with a web interface, rich CLI, and AI assistant integration via the Model Context Protocol (MCP).
mcp-cf7b72a7-27e74bd9-todo-list-mcp
This MCP server exposes a Todo List API as tools for AI models like Claude.