mwilliams_mcpbridge
by mahawi1992
Overview
Optimizes AI agent context usage by providing a single, intelligent interface for multiple Model Context Protocol (MCP) servers with lazy schema loading and result compaction.
Installation
node bridge-server.js
Environment Variables
- SUPABASE_ACCESS_TOKEN
- CLERK_SECRET_KEY
- ACCOUNT_SID
- AUTH_TOKEN
Security Notes
The server's core function involves spawning child processes configured in `mcpbridge.config.json` using arbitrary `command` and `args`. This design, while necessary for its operation, introduces significant security risks:
1. **Arbitrary Command Execution**: If an attacker gains control over `mcpbridge.config.json`, they could configure the bridge to execute arbitrary commands on the host system where it runs.
2. **Supply Chain Risk**: The example configuration uses `npx -y @some/mcp-server@latest`, which automatically downloads and executes packages from npm. This can introduce vulnerabilities if a specified package is compromised or if an untrusted source influences which package is configured.
3. **No New Tool Input Validation**: The bridge acts as a proxy, passing arguments directly to the child MCP server tools. It does not add an additional layer of input validation beyond what the child tools or the MCP SDK provide. Therefore, vulnerabilities in underlying MCP servers (e.g., SQL injection, arbitrary file access) could still be exploited through the bridge.
4. **Sensitive Information in Config**: `mcpbridge.config.json` can contain sensitive API keys and secrets. Improper handling or exposure of this file is a major security concern. The project explicitly warns against committing real credentials.
The server itself does not use `eval` or dynamic code execution based on AI input within its own code. The primary risks stem from the powerful capabilities granted by its configuration and the privileges required to run child processes.
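One way to audit a bridge configuration for the command-execution, supply-chain and secrets-in-config risks described above before any child process is spawned, as an added example that is not the project's own code. The `servers` layout, the `${NAME}` reference convention and the command allowlist are assumptions; the page only confirms that entries carry `command` and `args`.

```javascript
// Added example: static audit of a parsed mcpbridge.config.json object.
// ASSUMPTION: layout { servers: { <name>: { command, args, env } } } is hypothetical.
const ALLOWED_COMMANDS = new Set(["node", "npx"]); // constructed allowlist

// Exact version pin such as @scope/pkg@1.4.2 (no ranges, no dist-tags like "latest").
const PINNED = /^(@[^/@\s]+\/)?[^/@\s]+@\d+\.\d+\.\d+$/;
// ASSUMPTION: secrets are supplied as ${NAME} references, not literal values.
const ENV_REF = /^\$\{[A-Z_][A-Z0-9_]*\}$/;

function auditServer(name, entry) {
  const findings = [];
  const args = Array.isArray(entry.args) ? entry.args : [];
  if (!ALLOWED_COMMANDS.has(entry.command)) {
    findings.push(`${name}: command "${entry.command}" is not on the allowlist`);
  }
  if (entry.command === "npx") {
    // First non-flag argument is the package spec that npx will fetch and run.
    const pkg = args.find((a) => !a.startsWith("-"));
    if (!pkg || !PINNED.test(pkg)) {
      findings.push(`${name}: package "${pkg}" is not pinned to an exact version`);
    }
  }
  for (const [key, value] of Object.entries(entry.env || {})) {
    if (typeof value === "string" && !ENV_REF.test(value)) {
      findings.push(`${name}: env ${key} holds a literal value in the config file`);
    }
  }
  return findings;
}

function auditConfig(config) {
  return Object.entries(config.servers || {}).flatMap(([n, e]) => auditServer(n, e));
}

// Constructed sample input; every name and value is a placeholder.
const sampleConfig = {
  servers: {
    risky: { command: "npx", args: ["-y", "@some/mcp-server@latest"],
             env: { AUTH_TOKEN: "PLACEHOLDER-literal-secret" } },
    pinned: { command: "npx", args: ["-y", "@some/mcp-server@1.2.3"],
              env: { AUTH_TOKEN: "${AUTH_TOKEN}" } },
    shell: { command: "bash", args: ["-c", "echo hi"] },
  },
};

console.log(auditConfig(sampleConfig).join("\n"));
```

An exact version pin narrows what `npx` fetches but does not verify package contents, so the audit complements lockfiles or integrity checks rather than replacing them.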
Similar Servers
mcphub
Manages and orchestrates various Model Context Protocol (MCP) servers and their tools, providing a unified API gateway, UI, and optional smart routing for tool discovery.
aicode-toolkit
A Model Context Protocol (MCP) proxy server that connects to multiple backend MCP servers, loading tools on-demand for progressive tool discovery and significantly reducing initial LLM token usage for AI agents.
ncp
Acts as a unified orchestrator for various Model Context Protocol (MCP) servers, making them discoverable and executable by AI agents, and providing built-in features like scheduling, management, and dynamic code execution.
1xn-vmcp
An open-source tool for composing, customizing, and extending multiple Model Context Protocol (MCP) servers into a single logical, virtual MCP server, facilitating fine-grained context-engineering for AI workflows and agents.