mcp-server-llmling
Verified Safe
by phil65
Overview
mcp-server-llmling is a Model Context Protocol (MCP) server that provides a YAML-based system for configuring and managing LLM applications, including their resources, prompts, and tools.
Installation
uvx mcp-server-llmling@latest
Security Notes
The server includes a 'config injection server' (a FastAPI/WebSocket API) that, if enabled and reachable by an untrusted party, amounts to arbitrary code execution: it can register Python code as tools, import functions from caller-specified paths, and install Python packages via pip. It is disabled by default and the server defaults to the 'stdio' transport, but enabling it (e.g. via `--enable-injection`) turns any client that can reach the API into a remote code execution path, so treat it as a severe RCE exposure and gate it behind strict access controls. Separately, the example configurations may load external scripts from untrusted sources (e.g. Gist URLs); reusing them as-is is a supply chain risk.
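One way to catch both risks before launch is a small pre-flight audit of the loaded config and the launch flags. The script below is an added example, not mcp-server-llmling's own code: it assumes the YAML config has already been loaded into a Python dict (e.g. with yaml.safe_load), the key names in the sample config (`resources`, `tools`, `import_path`, `type`, `path`) are constructed for illustration and do not claim to be llmling's real schema, and the trusted-host allowlist is a placeholder. Only `--enable-injection` comes from the security notes above.

```python
"""Pre-launch audit for an llmling-style YAML config (added example, not project code).

Flags the two risks from the security notes: scripts fetched from untrusted
hosts (supply chain) and the config injection server being switched on (RCE).
Assumes the config is already a dict, e.g. the result of yaml.safe_load().
"""
from urllib.parse import urlparse

# Constructed for this example: hosts you are willing to fetch scripts from.
TRUSTED_HOSTS = {"git.internal.example.com"}

# Public paste/gist hosts: anyone can publish there and the content can change
# after you reviewed it, so they are never acceptable as a script source.
PASTE_HOSTS = {
    "gist.github.com", "gist.githubusercontent.com",
    "raw.githubusercontent.com", "pastebin.com",
}


def _walk(node, path=()):
    """Yield (dotted key path, scalar value) for every leaf in a nested config."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _walk(value, path + (str(key),))
    elif isinstance(node, list):
        for idx, value in enumerate(node):
            yield from _walk(value, path + (str(idx),))
    else:
        yield ".".join(path), node


def find_remote_loads(config, trusted_hosts=TRUSTED_HOSTS):
    """Return (key path, url, reason) for every URL the config would fetch
    that is not HTTPS from an explicitly trusted host."""
    findings = []
    for key_path, value in _walk(config):
        if not (isinstance(value, str) and value.startswith(("http://", "https://"))):
            continue
        host = (urlparse(value).hostname or "").lower()
        if value.startswith("http://"):
            reason = "plaintext HTTP, content can be tampered with in transit"
        elif host in trusted_hosts:
            continue
        elif host in PASTE_HOSTS:
            reason = "public paste/gist host, content is user-controlled and mutable"
        else:
            reason = "host not in trusted allowlist"
        findings.append((key_path, value, reason))
    return findings


def injection_server_enabled(argv):
    """True if the launch flags turn on the config injection server.
    `--enable-injection` is the flag named in the security notes."""
    return "--enable-injection" in argv


def audit(config, argv, trusted_hosts=TRUSTED_HOSTS):
    """Human-readable findings; an empty list means nothing risky was found."""
    findings = [f"{path}: {url} ({why})"
                for path, url, why in find_remote_loads(config, trusted_hosts)]
    if injection_server_enabled(argv):
        findings.append("--enable-injection: config injection server allows arbitrary "
                        "code execution; keep it off unless every caller is trusted")
    return findings


# Constructed sample config (key names are illustrative, not llmling's schema).
SAMPLE_CONFIG = {
    "resources": {
        "readme": {"type": "path", "path": "README.md"},
        "style_guide": {"type": "path",
                        "path": "https://git.internal.example.com/docs/style.md"},
    },
    "tools": {
        "fancy_tool": {"import_path":
                       "https://gist.githubusercontent.com/someone/abc123/raw/tool.py"},
        "legacy_tool": {"import_path": "http://tools.example.org/legacy.py"},
    },
}

if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIG, ["mcp-server-llmling", "--enable-injection"]):
        print("FINDING:", line)
```

Run it against the dict your launcher is about to hand to the server and refuse to start on any finding; the allowlist approach means a URL on a host you have not vetted is a finding by default, rather than only the gist hosts the notes mention.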
Similar Servers
mcp-servers
A curated collection of Model Context Protocol (MCP) server configurations to integrate various developer tools and services with AI agents.
tmcp
A server implementation for the Model Context Protocol (MCP) to enable LLMs to access external context and tools.
action_mcp
ActionMCP is a Ruby gem providing Model Context Protocol (MCP) server capabilities to Rails applications, enabling AI assistants to connect to external data sources and tools.
mcp-servers
An MCP server for managing files in Google Cloud Storage, supporting CRUD operations (save, get, search, delete) and exposing files as resources.