mcp-server
by nguyenmanmkt
Overview
A web-based Docker management platform for deploying, managing, and building custom AI tools (MCP servers) for integration with language models.
Installation
npm start
Environment Variables
- MCP_ENDPOINT
- GEMINI_API_KEY
- PERPLEXITY_API_KEY
Security Notes
CRITICAL: Multiple severe security vulnerabilities were identified in this project:
- Plaintext credentials. User passwords are stored unhashed in 'database.json', so anyone who can read that file (or a backup or container image containing it) obtains every account's password directly.
- Docker daemon exposure. The backend 'server.js' talks directly to the Docker daemon socket, and the API that drives it is authenticated only with those plaintext credentials. Access to the Docker socket is equivalent to root on the host: a caller can start a privileged container with the host filesystem mounted, so a stolen credential or an authentication bypass in this API is a host compromise, not merely an application compromise.
- Unrestricted image builds. The image build feature clones an arbitrary Git repository and builds a Docker image from it. A malicious Dockerfile runs attacker-chosen commands during the build, so anyone who can submit a repository URL obtains Remote Code Execution (RCE) on top of a Docker daemon that is already fully exposed.
- eval() in the calculator tool. The 'calculator.py' MCP tool evaluates user input with `eval(python_expression)`. Restricting the globals or builtins passed to eval does not make this safe: a Python expression can reach arbitrary objects through attributes such as `__class__`, `__subclasses__` and `__globals__` without naming any builtin, so the call remains an RCE primitive. The safe approach is to parse the expression and evaluate only arithmetic AST nodes.
Taken together, these issues leave the system open to unauthorized access, privilege escalation to the host, and arbitrary code execution.
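The calculator finding above is worth seeing concretely. The block below is an added example written for this page, not code from the project: `unsafe_calculator` is a hypothetical reconstruction of the `eval(python_expression)` pattern with builtins removed (the usual "limited scope" attempt), `restricted_eval_still_reaches_objects` shows that attribute access alone walks from an empty tuple to `object.__subclasses__()` despite that restriction, and `safe_calculator` is the hardened replacement that walks the expression's AST and accepts only numeric literals and arithmetic operators. All function names, the exponent cap and the probe expression are this example's own choices.

```python
import ast
import operator

# Hypothetical reconstruction of the pattern the notes describe for calculator.py
# (not the project's code): eval() with builtins stripped, the usual "limited scope" attempt.
def unsafe_calculator(python_expression: str):
    return eval(python_expression, {"__builtins__": {}}, {})

def restricted_eval_still_reaches_objects() -> bool:
    # No builtin is named here; plain attribute access reaches object.__subclasses__(),
    # the usual first hop of an eval escape. The restriction buys nothing.
    probe = "().__class__.__mro__[1].__subclasses__()"
    reachable = unsafe_calculator(probe)
    return isinstance(reachable, list) and len(reachable) > 0

# Operators the hardened evaluator accepts (arithmetic only).
_BINARY_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
    ast.FloorDiv: operator.floordiv,
    ast.Mod: operator.mod,
    ast.Pow: operator.pow,
}
_UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}
_MAX_EXPONENT = 1000  # example cap: stops "9**9**9"-style CPU/memory exhaustion

def safe_calculator(python_expression: str) -> float:
    """Evaluate an arithmetic expression by walking its AST.

    Only int/float literals, + - * / // % ** and unary +/- are accepted. Names,
    attribute access, calls, subscripts and every other node raise ValueError,
    so there is no path from the expression to Python objects or builtins.
    """
    try:
        tree = ast.parse(python_expression, mode="eval")
    except SyntaxError as exc:
        raise ValueError(f"invalid expression: {exc.msg}") from None

    def evaluate(node: ast.AST):
        if isinstance(node, ast.Expression):
            return evaluate(node.body)
        # type() rather than isinstance(): bool is a subclass of int and is rejected.
        if isinstance(node, ast.Constant) and type(node.value) in (int, float):
            return node.value
        if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARY_OPS:
            return _UNARY_OPS[type(node.op)](evaluate(node.operand))
        if isinstance(node, ast.BinOp) and type(node.op) in _BINARY_OPS:
            left, right = evaluate(node.left), evaluate(node.right)
            if isinstance(node.op, ast.Pow) and abs(right) > _MAX_EXPONENT:
                raise ValueError("exponent too large")
            try:
                result = _BINARY_OPS[type(node.op)](left, right)
            except ZeroDivisionError:
                raise ValueError("division by zero") from None
            if isinstance(result, complex):  # e.g. (-8) ** 0.5
                raise ValueError("complex result")
            return result
        raise ValueError(f"disallowed syntax: {type(node).__name__}")

    return evaluate(tree)

def rejects(python_expression: str) -> bool:
    """True if safe_calculator refuses the expression with ValueError."""
    try:
        safe_calculator(python_expression)
    except ValueError:
        return True
    return False
```

Note that the hardened version refuses anything that is not arithmetic, including bare `True`, assignment, semicolons and function calls, rather than trying to enumerate what is dangerous; an allow-list over AST node types is the only approach that does not need to anticipate the next escape trick.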
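For the plaintext 'database.json' finding, the following is an added example of the storage format that should replace it, written for this page and not taken from the project: a salted scrypt hash with its parameters stored alongside the digest, constant-time verification, and a one-shot migration over a constructed stand-in for the JSON file. The user record, the scrypt parameters and the `scrypt$N$r$p$salt$hash` encoding are all this example's own assumptions.

```python
import hashlib
import hmac
import json
import os
from typing import Optional

# Constructed stand-in for a plaintext user store of the kind the notes describe;
# the username and password are invented for this example.
PLAINTEXT_DB = json.dumps({"users": [{"username": "alice", "password": "hunter2"}]})

# scrypt work factors (example choices; N=2**14, r=8 needs about 16 MiB per hash)
_N, _R, _P, _DKLEN = 2 ** 14, 8, 1, 32

def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing 'scrypt$N$r$p$salt_hex$hash_hex' string.

    A fresh random salt per user means equal passwords get different hashes,
    and storing the parameters lets them be raised later without a flag day.
    """
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=_N, r=_R, p=_P, dklen=_DKLEN)
    return f"scrypt${_N}${_R}${_P}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored parameters and compare in constant time."""
    try:
        scheme, n, r, p, salt_hex, hash_hex = stored.split("$")
        if scheme != "scrypt":
            return False  # a legacy plaintext entry never verifies
        digest = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                                n=int(n), r=int(r), p=int(p), dklen=len(hash_hex) // 2)
    except (ValueError, TypeError):
        return False
    return hmac.compare_digest(digest.hex(), hash_hex)

def migrate_database(plaintext_json: str) -> dict:
    """Replace every plaintext 'password' field with a salted scrypt hash."""
    db = json.loads(plaintext_json)
    for user in db["users"]:
        user["password_hash"] = hash_password(user.pop("password"))
    return db
```

After migration the file no longer contains anything that can be replayed against the API; an attacker who reads it still has to brute-force each salted hash at scrypt cost, which is the property the current 'database.json' lacks entirely.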
Similar Servers
toolhive-studio
ToolHive is a desktop application (Electron UI) for discovering, deploying, and managing Model Context Protocol (MCP) servers in isolated containers, and connecting them to AI agents and clients.
mcp-cli
A command-line interface tool for managing Model Context Protocol (MCP) server configuration files across various AI tools.
mcp-compose
This server provides a robust example of OAuth2 authentication for MCP (Model Context Protocol) servers, using GitHub as the identity provider. It demonstrates secure multi-server management, protocol translation, and integration with AI agents for tool invocation.
suse-ai-up
A comprehensive, modular Model Context Protocol (MCP) proxy system that enables secure, scalable, and extensible AI model integrations.