osim-mcp-server
Verified Safeby osim-group
Overview
Provides Model Context Protocol (MCP) access to OSIM (Open Security Information Model) data standards, enabling clients to query and retrieve security-related schemas and their definitions.
Installation
uvx osim-mcp-serverEnvironment Variables
- OSIM_AUTO_UPDATE
- OSIM_UPDATE_TIMEOUT
Security Notes
The server uses `subprocess.run` to execute `git clone` for updating schemas from a fixed GitHub repository. While the target URL is trusted, this introduces a supply chain risk if the upstream OSIM schema repository were to be compromised, potentially leading to malicious JSON schema files being downloaded. However, the server's loader only parses JSON, mitigating direct code execution risk from compromised schemas. No `eval` or other highly dangerous functions were found. Network requests for version checks and schema downloads are directed to specific, known GitHub URLs. No hardcoded secrets were identified.
Similar Servers
mcp-security-scanner
A Python-based penetration testing tool designed to scan and identify vulnerabilities in Model Context Protocol (MCP) servers.
pypi-query-mcp-server
A Model Context Protocol (MCP) server for querying PyPI package information, dependencies, and compatibility checking, assisting AI agents in Python development workflows.
Mcpwn
Automated security testing framework for Model Context Protocol (MCP) servers, detecting RCE, path traversal, prompt injection, and protocol vulnerabilities.
openstudio-mcp-server
Enables AI assistants like Claude to interact with OpenStudio building energy models through a comprehensive set of natural language accessible tools for loading, inspecting, and manipulating models.