MCP-tool-lesson
by miguelfradeflores
Overview
Provides detailed Pokemon data from PokeAPI to AI assistants and other MCP clients via various tools.
Installation
python pokemon_mcp_server.pySecurity Notes
The `export_pokemon_to_csv` tool's `filename` parameter is vulnerable to path traversal if not properly sanitized or restricted. An attacker could potentially write files outside the intended directory by providing a manipulated `filename` (e.g., `../../malicious.csv`). No other critical vulnerabilities like `eval` or hardcoded secrets were found. Network requests are made to a public, well-known API.
Similar Servers
mcp-server
Provides a Model Context Protocol (MCP) server for AI agents to search and retrieve curated documentation for the Strands Agents framework, facilitating AI coding assistance.
zeromcp
A minimal, pure Python Model Context Protocol (MCP) server for exposing tools, resources, and prompts via HTTP/SSE and Stdio transports.
mcp-mcp
Discovers and suggests other Model Context Protocol (MCP) servers to AI assistants based on natural language queries, returning their full documentation.
openapi-mcp-server
Converts OpenAPI specifications into Model Context Protocol (MCP) tools, enabling AI assistants to interact with APIs.