mcp.zig
by nobita5609
Overview
Provides a Model Context Protocol (MCP) library in Zig, enabling AI applications to connect to external systems by exposing tools, resources, and prompts through a standardized protocol.
Installation
./zig-out/bin/example-serverSecurity Notes
The example code for handling resources and tools (`processFileHandler` in `docs/guide/error-handling.md`) directly uses an unsanitized `path` argument from client input with `std.fs.cwd().readFileAlloc`. This is a critical path traversal vulnerability, allowing a malicious client to read arbitrary files outside the intended working directory (e.g., `../../../../etc/passwd`). While there's an `accessAbsolute` check, it's insufficient to prevent this specific `readFileAlloc` vulnerability. This indicates a significant security risk in how tool/resource handlers might be implemented based on the provided guidance, or a lack of built-in sanitization within the library itself for such common operations. No other immediate malicious patterns, hardcoded secrets, or `eval` usage were found.
Similar Servers
tmcp
A server implementation for the Model Context Protocol (MCP) to enable LLMs to access external context and tools.
rust-mcp-schema
Provides a type-safe Rust implementation of the Model Context Protocol (MCP) schema, enabling developers to build robust MCP servers and clients.
zeromcp
A minimal, pure Python Model Context Protocol (MCP) server for exposing tools, resources, and prompts via HTTP/SSE and Stdio transports.
haskell-mcp-server
Provides a fully-featured Haskell library for building Model Context Protocol (MCP) servers to enable AI agent interaction.