penpot-mcp
Verified Safe by penpot
Overview
The Penpot MCP server integrates LLMs with the Penpot Plugin API to enable AI agents to perform data queries, transformations, and creations within Penpot design files.
Installation
npm run bootstrap
Environment Variables
- LOG_LEVEL
- LOG_DIR
Security Notes
The primary security risk is the 'execute_code' tool, which explicitly allows arbitrary JavaScript code execution within the Penpot plugin's sandboxed environment. While this is the intended functionality for an LLM agent, it introduces a significant risk of malicious code execution or privilege escalation if the LLM's output is compromised (e.g., via prompt injection) or if the server itself is exposed beyond 'localhost'. The REPL server also offers this functionality via a web interface. Currently, connections (HTTP/SSE on port 4401, WebSocket on port 4402, REPL on port 4403) are restricted to 'localhost', mitigating external network attacks. However, a compromised local machine could still exploit this capability.
Similar Servers
mcp-openapi-server
Exposes OpenAPI endpoints as Model Context Protocol (MCP) tools, enabling Large Language Models (LLMs) to discover and interact with REST APIs through a standardized protocol.
boilerplate-mcp-server
Provides a TypeScript boilerplate for developing custom Model Context Protocol (MCP) servers, with an IP geolocation tool as an example.
mcp
Provides a flexible Model Context Protocol (MCP) server framework for exposing remote tools, prompts, and resources over HTTP/SSE, enabling AI agents and clients to interact with custom functionalities.
mcp-agent-kit
Simplifies the creation and management of AI agents, chatbots, and Model Context Protocol (MCP) servers with various LLM providers.