mcp-servers
by maggots555
Overview
Advanced MCP server for file manipulation, search, code analysis, and Git integration, designed to extend the capabilities of clients like Antigravity with VS Code-style editing.
Installation
node build/index.js
Security Notes
CRITICAL: The server is vulnerable to path traversal attacks due to a lack of input validation on file paths (`filePath`, `directory`, `path`, etc.), which are passed directly from user input to file system operations (e.g., `fs.readFile`, `fs.writeFile`, `fs.readdir`). This allows accessing or modifying files outside the intended project directory.
SIGNIFICANT: A command injection risk exists in `git_diff`, which uses `execAsync` and appends a user-provided `filePath` directly to the command string, despite an attempt to quote it. Input validation is insufficient.
SIGNIFICANT: A ReDoS (Regular Expression Denial of Service) vulnerability exists in `search_files` and `regex_replace`, where user-supplied `pattern` strings are used directly to construct regular expressions. This could lead to a server hang if a malicious or inefficient regex is provided. No sanitization or sandboxing of regex patterns is observed.
Similar Servers
git-mcp-server
A Model Context Protocol (MCP) server that provides Git-specific tools and resources for AI/LLM agents to interact with version control systems.
language-server-mcp
Provides language support features like hover information, code completion, and diagnostics for code editing through the Model Context Protocol (MCP).
mcp-playground
A web-based developer tool for testing, inspecting, and debugging Model Context Protocol (MCP) servers, supporting OAuth integration, request logging, and interactive execution of tools, resources, and prompts.
tenets
Provides intelligent, token-optimized code context and automatically injects guiding principles to AI coding assistants for enhanced understanding and consistent interactions.