mcp_resource_server
by nickweedon
Overview
Provides file and image operations, including downloads, resizing, and blob storage for inter-service communication.
Installation
uv run mcp-resource-server
Security Notes
CRITICAL VULNERABILITY: The server is vulnerable to path traversal (arbitrary file read). The `_download_file_bytes` function directly constructs a file path from the `file_id` when `RESOURCE_SERVER_URL_PATTERN` uses the `file://` protocol. An attacker controlling the `file_id` parameter (e.g., through MCP tool calls like `get_file('../../etc/passwd')`) can read arbitrary files on the host filesystem outside the intended `/mnt/resources` directory. For example, passing `../../../../etc/passwd` as `file_id` would lead to the server reading `/etc/passwd`. This vulnerability allows unauthorized access to sensitive system files. There is also potential for SSRF if `RESOURCE_SERVER_URL_PATTERN` is misconfigured to allow external URL input.
Similar Servers
filesystem-mcp
Provides secure, efficient, and token-optimized filesystem operations for AI agents via the Model Context Protocol.
tinystruct-mcp
This server provides a JSON-RPC interface for Git, GitHub API, and file system operations, intended for integration into DevOps, automation, and AI-driven workflows.
URL-Content-Saver-MCP-Server
A high-performance NodeJS service providing a Model Context Protocol (MCP) tool for AI agents to reliably fetch and persistently store web content from specified URLs to local file paths.
irods-mcp-server
Provides an MCP (Multi-Client Protocol) server to enable AI clients and other applications to access and manage data stored in an iRODS data grid.