mcp-server-everything-sse
Verified Safeby namm163
Overview
A test server for developers building Model Context Protocol (MCP) clients, demonstrating various MCP features like tools, prompts, resources, and sampling.
Installation
npx @modelcontextprotocol/server-everythingEnvironment Variables
- PORT
Security Notes
The 'printEnv' tool exposes all server-side environment variables, which can lead to information disclosure if sensitive data is stored in environment variables and accessed by an unauthorized client. The 'zip' tool fetches arbitrary URLs, posing a Server-Side Request Forgery (SSRF) risk if a malicious client provides internal or sensitive URLs. CORS is configured with 'origin: "*"' in sse.ts and streamableHttp.ts, which is insecure for production environments. These issues are noted in the context of a test server; no 'eval', child_process execution, or hardcoded secrets were found.
Similar Servers
SSE-Server
Provides real-time monitoring of HTTP requests received by a local server using Server-Sent Events (SSE).
mcp-server
A Node.js Express server designed to stream real-time data, specifically initial model loading and periodic updates (pings), to client applications using Server-Sent Events (SSE).
gfrestaurants-sse
Provides real-time updates and data streaming capabilities for a restaurant multi-channel platform.
mcp_server_template
Provides a boilerplate for building a server application utilizing Server-Sent Events (SSE).