viro
Verified Safeby micartey
Overview
viro is a Java overlay doodle application designed for drawing and highlighting during screen sharings or recordings, with an SSE-MCP-Endpoint for LLM interaction.
Installation
nix run github:micartey/viroSecurity Notes
The server exposes an SSE-MCP-Endpoint at `http://localhost:8099/mcp/sse` for LLM interaction, which is local-only and mitigates external network risks. The `ImageTools.drawImage` and `ImageTools.drawImageFromURL` functions allow loading images from local file paths and arbitrary URLs, respectively. If an untrusted LLM has control over the input `path` for these tools, it could potentially access local files or trigger network requests to malicious URLs. This poses a risk if the LLM interaction is not properly sandboxed or if the LLM is untrusted. However, for a local desktop application used with a (presumably trusted) user's LLM, the direct threat is reduced.
Similar Servers
jadx-mcp-server
A fully automated Model Context Protocol (MCP) server that acts as a bridge for LLMs (like Claude) to interact with a JADX-AI-MCP plugin for Android APK reverse engineering, vulnerability analysis, and manifest parsing.
solon-ai
Provides a client and server implementation for the Model Context Protocol (MCP), enabling AI models to interact with external tools, resources, and prompt templates through a standardized, asynchronous interface.
quarkus-mcp-server
A secure Model Context Protocol (MCP) server that provides tools, prompts, and resources through SSE/HTTP and WebSocket, integrating with OIDC/OAuth2 providers for authentication.
MCP-Server_AI-interaction
Facilitates advanced user interaction with an AI agent by providing a persistent graphical interface for text input, workspace-aware file/folder attachment, and drag-and-drop image attachment with multi-language support.