weave-mcp
by maximilien
Overview
Provide a Model Context Protocol (MCP) server for managing and interacting with various vector databases, offering AI-powered tools for schema and chunking suggestions.
Installation
./start.sh httpEnvironment Variables
- OPENAI_API_KEY
- WEAVIATE_URL
- WEAVIATE_API_KEY
- VECTOR_DB_TYPE
- SUPABASE_URL
- SUPABASE_DATABASE_URL
- SUPABASE_SERVICE_KEY
- MCP_SERVER_HOST
- MCP_SERVER_PORT
Security Notes
The `executeCommand` function in `src/pkg/mcp/handlers.go` directly executes shell commands (`sh -c`) constructed with user-provided input (e.g., `source_path`, `requirements`). This poses a significant shell injection vulnerability if input is not rigorously sanitized. Additionally, the Weaviate client (`src/pkg/weaviate/weave_client.go`) constructs GraphQL queries using string formatting with user-provided filters (e.g., `valueString: "*filename\": \"%s\"*"`), which could lead to GraphQL injection if the input is not adequately escaped. Default CORS configuration allowing `*` is flexible but can be a security risk if not properly restricted in production environments.
Similar Servers
mongodb-mcp-server
Provides a robust AI agent interface for interacting with MongoDB databases and MongoDB Atlas cloud services, enabling tool-calling for data management, monitoring, and search operations.
orla
Orla acts as a runtime for Model Context Protocol (MCP) servers, enabling the execution of lightweight open-source AI agents and command-line tools locally.
mcp
Provides a Model Context Protocol (MCP) interface for managing and querying MariaDB databases, supporting standard SQL operations and advanced vector/embedding-based search for AI assistants.
toolhive-registry-server
The central metadata hub for enterprise Model Context Protocol (MCP) server governance and discovery, implementing the official MCP Registry API specification.